Hi all, > Say I have discovered a marvelous method of easily factoring > RSA keys, which unfortunately the margin of this emacs buffer > is too small to contain, and I then go out, factor GeoTrust's > CA key and issue a new certificate. > > Questions: > > Am I now infringing on GeoTrust's IP rights? Or have, rather, > I made myself a co-owner in said rights on this particular key? > > Have I broken any law? If not, should what I have done be illegal?
Here's a variant that I find interesting ;-). It's not about the public key but about the signature, another cryptograhic field in a certificate that shares many properties with keys. Say somebody has discovered a marvelous method of finding collisions for a hash function. Then he creates two certificates, of which the to-be-signed parts form a hash collision. Then he lets a CA sign one of them, and copies the signature into the other one, making that a certificate that is indistinguishable from a valid one issued by the CA. Has he broken any copyright law? I admit this is a purely hypothetical case. Or... maybe it isn't? Grtz, Benne de Weger --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com