Upload
sandra-woll
View
213
Download
0
Embed Size (px)
DESCRIPTION
VBCBN
Citation preview
Texas Tex. Penal Code § 32.51Utah Utah Code Ann. § 76–6-1101–1104Virginia Va. Code Ann. § 18.2–186.3Washington Wash. Rev. Code § 9.35.020West Virginia W.Va. Code § 61–3-54Wisconsin Wis. Stat. § 943.201Wyoming Wyo. Stat. Ann. § 6–3-901
11. Stewart A. Baker and Paul R. Hurst, The Limits of Trust: Cryptography, Governments,and Electronic Commerce (Boston: Kluwer Law International, 1998), xv.
12. Ibid.13. See Hal Abelson et al., “The Risks of Key Recovery, Key Escrow, and Trusted Third-
Party Encryption,”WorldWideWeb Journal 2 (1997): 241, 245: “Although cryptography has tra-ditionally been associated with confidentiality, other cryptographic mechanisms, such asauthentication codes and digital signatures, can assure that messages have not been tamperedwith or forged.”
14. Whitfield Diffie and Martin E. Hellman, “New Directions in Cryptography,” IEEETransactions on Information Theory it–22 (November 1976): 29–40. The idea had apparentlybeen discovered earlier by James Ellis at the British Government Communication Headquar-ters, but it was not then published; see Baker and Hurst, The Limits of Trust, xvii–xviii.
15. Even if the wires are tapped, this type of encryption still achieves its magic.We can geta hint of how in a series of cases whose accumulating impact makes the potential clear.
A. If I want to send a message to you that I know only you will be able to read, I can takeyour public key and use it to encrypt that message. Then I can send that message to you know-ing that only the holder of the private key (presumably you) will be able to read it. Advantage:My message to you is secure. Disadvantage: You can’t be sure it is I who sent you the message.Because anyone can encrypt a message using your public key and then send it to you, youhave no way to be certain that I was the one who sent it. Therefore, consider the next example.
B. Before I send the message I have encrypted with your public key, I can encrypt it withmy private key. Then when you receive the message from me, you can first decrypt it with mypublic key, and then decrypt it again with your private key. After the first decryption, you canbe sure that I (or the holder of my private key) was the one who sent you the message; after thesecond decryption, you can be sure that only you (or other holders of your private key) actuallyread the content of the message. But how do you know that what I say is the public key of LarryLessig is actually the public key of Larry Lessig? How can you be sure, that is, that the public keyyou are using is actually the public key it purports to be? Here is where the next examplecomes in.
C. If there is a trustworthy third party (say, my bank, or the Federal Reserve Board, or theACLU) with a public key (a fact I am able to verify because of the prominence of the institu-tion), and that third party verifies that the public key of Larry Lessig is actually the public keyof Larry Lessig, then along with mymessage sent to you, encrypted first in your public key andsecond in my private key, would be a certificate, issued by that institution, itself encryptedwith the institution’s private key. When you receive the message, you can use the institution’spublic key to decrypt the certificate; take from the certificate my public key (which you now arefairly confident is my public key); decrypt the message I sent you with the key held in the cer-tificate (after which you are fairly confident comes from me); and then decrypt the messageencrypted with your public key (which you can be fairly confident no one else has read). If wedid all that, you would know that I am who I say I am and that the message was sent by me; Iwould know that only you read the message; and you would know that no one else read themessage along the way.
notes to chapter four 353
0465039146-RM 12/5/06 12:31 AM Page 353