Re: Key Signatures Issues - Re: matter of semantics
Thanks for the note.
The SPLAT! paper is in press with Software QA magazine, should be on the
street in about a month.
It is, unfortunately, too late to stop the presses. After Software QA hits
the streets, I get to post a copy on my web page. I'll post a corrected one
on my web page and use a different insecurity example instead. All other
corrections/arguments are welcome too. I make these points verbally at
lawyers' meetings and if I'm misinforming them, well, I don't want to do that.
-- cem
At 02:59 PM 1/5/98 -0500, Carl Ellison wrote:
>Cem,
>
>At 12:05 AM 1/2/98 -0800, Cem Kaner wrote:
>>Unfortunately, laws get passed that add meaning to these keys.
>
>Yup -- unfortunate.
>
>>My statement was not about the potential liability of the issuer of the key
>>(or of an associated certificate) but rather about potential liability of
>>the user of the key. If you register your key with a certificate authority,
>>then you open yourself for liability for fraudulent use of your key in the
>>future.
>>
>>Details are included in my paper, attached. (Comments welcome.)
>
>Great paper! Thanks for sending a copy. Can I refer to it? Is there a
>solid citation? Meanwhile, may I give people preprints?
>
>I found a couple of flaws -- one serious enough to stop the presses.
>[That one: you cite an attack of having a user encrypt a large thing with
>his key and from that attack the key. This just doesn't apply. It's a case
>from symmetric crypto, but we're not using symmetric crypto here.]
>
>I'll forward the others to you, without all the cc:'s.
>
>>By the way, the next meeting of the National Conference of Commissioners on
>>Uniform State Laws (NCCUSL), on the Uniform Electronic Transactions Act, is
>>at the Wyndham Anatole Hotel in Dallas, January 9-11. The next meeting of
>>NCCUSL on Article 2B is at the Dallas Marriott (not sure offhand which one,
>>check www.nccusl.com for info) on Feb 20-22. It's easy to gripe about
>>lawyers. It's harder to explain to them (and to the interest groups they
>>represent) that some of the ideas they're fond of are not workable.
>
>Yup -- I wish I could attend some of these. I did manage to give a talk to
>an ABA-ISC meeting last year, to get them thinking, but didn't contact any
>of these others.
>
> - Carl
>
>
>
>+------------------------------------------------------------------+
>|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
>|CyberCash, Inc. http://www.cybercash.com/ |
>|207 Grindall Street PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
>|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
>+------------------------------------------------------------------+
>
>
_______________________________________________________________________
Cem Kaner, J.D., Ph.D. Attorney at Law
P.O. Box 1200 Santa Clara, CA 95052 408-244-7000
Author (with Falk & Nguyen) of TESTING COMPUTER SOFTWARE (2nd Ed, VNR)
This e-mail communication should not be interpreted as legal advice
or a legal opinion. The transmission of this e-mail communication
does not create an attorney-client relationship between me and you.
Do not act or rely upon law-related information in this communication
without seeking the advice of an attorney. Finally, nothing in this
message should be interpreted as a "digital signature" or "electronic
signature" that can create binding commercial transactions.