----- Original Message -----
From: "Greg Broiles" <[EMAIL PROTECTED]>
To: "Enzo Michelangeli" <[EMAIL PROTECTED]>; "R. A. Hettinga"
<[EMAIL PROTECTED]>; "Matt Crawford" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, May 31, 2001 11:45 PM
Subject: Re: Lie in X.BlaBla...
> At 07:22 AM 5/31/2001 +0800, Enzo Michelangeli wrote:
>
> >Besides, it would be idiotic to grant access to information or
authorization
> >for a transaction to someone, just because he or she has presented a
"public
> >key certificate": authentication protocols require possession of the
private
> >key. Those legislators just don't know what they are talking about.
> >Scary.
>
> The statute didn't say "just because" or describe a technical architecture
> for an access control system - it criminalized the presentation of a
> certificate without "owning" the corresponding private key.
Uhm... So, which devious use of someone else's certificate were those guys
trying to address? Also a bona fide certificate server could fall afoul of
such law. In my experience, misguided laypeople build their attitude towards
handling of certificates on the assumption that "a certificate is like a
digital ID card". This sounds like one of those cases.
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
