Lie in X.BlaBla...
Enzo Michelangeli
em at who.net
Thu May 31 21:58:51 EDT 2001
----- Original Message -----
From: "Greg Broiles" <gbroiles at well.com>
To: "Enzo Michelangeli" <em at em.no-ip.com>; "R. A. Hettinga"
<rah at shipwright.com>; "Matt Crawford" <crawdad at fnal.gov>
Cc: <cryptography at wasabisystems.com>
Sent: Thursday, May 31, 2001 11:45 PM
Subject: Re: Lie in X.BlaBla...
> At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
>
> >Besides, it would be idiotic to grant access to information or
authorization
> >for a transaction to someone, just because he or she has presented a
"public
> >key certificate": authentication protocols require possession of the
private
> >key. Those legislators just don't know what they are talking about.
> >Scary.
>
> The statute didn't say "just because" or describe a technical architecture
> for an access control system - it criminalized the presentation of a
> certificate without "owning" the corresponding private key.
Uhm... So, which devious use of someone else's certificate were those guys
trying to address? Also a bona fide certificate server could fall afoul of
such law. In my experience, misguided laypeople build their attitude towards
handling of certificates on the assumption that "a certificate is like a
digital ID card". This sounds like one of those cases.
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list