[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Signatures Issues - Re: matter of semantics

Thanks for the note.

The SPLAT! paper is in press with Software QA magazine, should be on the
street in about a month.

It is, unfortunately, too late to stop the presses. After Software QA hits
the streets, I get to post a copy on my web page. I'll post a corrected one
on my web page and use a different insecurity example instead. All other
corrections/arguments are welcome too. I make these points verbally at
lawyers' meetings and if I'm misinforming them, well, I don't want to do that.

-- cem

At 02:59 PM 1/5/98 -0500, Carl Ellison wrote:
>At 12:05 AM 1/2/98 -0800, Cem Kaner wrote:
>>Unfortunately, laws get passed that add meaning to these keys.
>Yup -- unfortunate.
>>My statement was not about the potential liability of the issuer of the key
>>(or of an associated certificate) but rather about potential liability of
>>the user of the key. If you register your key with a certificate authority,
>>then you open yourself for liability for fraudulent use of your key in the
>>Details are included in my paper, attached. (Comments welcome.)
>Great paper!  Thanks for sending a copy.  Can I refer to it?  Is there a 
>solid citation?  Meanwhile, may I give people preprints?
>I found a couple of flaws -- one serious enough to stop the presses.
>[That one: you cite an attack of having a user encrypt a large thing with 
>his key and from that attack the key.  This just doesn't apply.  It's a case 
>from symmetric crypto, but we're not using symmetric crypto here.]
>I'll forward the others to you, without all the cc:'s.
>>By the way, the next meeting of the National Conference of Commissioners on
>>Uniform State Laws (NCCUSL), on the Uniform Electronic Transactions Act, is
>>at the Wyndham Anatole Hotel in Dallas, January 9-11. The next meeting of
>>NCCUSL on Article 2B is at the Dallas Marriott (not sure offhand which one,
>>check www.nccusl.com for info) on feb 20-22. It's easy to gripe about
>>lawyers. It's harder to explain to them (and to the interest groups they
>>represent) that some of the ideas they're fond of are not workable.
>Yup -- I wish I could attend some of these.  I did manage to give a talk to 
>an ABA-ISC meeting last year, to get them thinking, but didn't contact any 
>of these others.
> - Carl
>Version: PGP for Personal Privacy 5.5.3
>|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
>|CyberCash, Inc.                      http://www.cybercash.com/    |
>|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
>|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
Cem Kaner, J.D., Ph.D.				       Attorney at Law 
P.O. Box 1200           Santa Clara, CA 95052             408-244-7000
Author (with Falk &  Nguyen) of TESTING COMPUTER SOFTWARE (2nd Ed, VNR)

This e-mail communication should not be interpreted as legal advice 
or a legal opinion.  The transmission of this e-mail communication 
does not create an attorney-client relationship between me and you.
Do not act or rely upon law-related information in this communication 
without seeking the advice of an attorney. Finally, nothing in this
message should be interpreted as a "digital signature" or "electronic
signature" that can create binding commercial transactions.