1
Texas Tex. Penal Code § 32.51 Utah Utah Code Ann. § 76–6-1101–1104 Virginia Va. Code Ann. § 18.2–186.3 Washington Wash. Rev. Code § 9.35.020 West Virginia W. Va. Code § 61–3-54 Wisconsin Wis. Stat. § 943.201 Wyoming Wyo. Stat. Ann. § 6–3-901 11. Stewart A. Baker and Paul R. Hurst, The Limits of Trust: Cryptography, Governments, and Electronic Commerce (Boston: Kluwer Law International, 1998), xv. 12. Ibid. 13. See Hal Abelson et al.,“The Risks of Key Recovery, Key Escrow, and Trusted Third- Party Encryption,” World Wide Web Journal 2 (1997): 241, 245: “Although cryptography has tra- ditionally been associated with confidentiality, other cryptographic mechanisms, such as authentication codes and digital signatures, can assure that messages have not been tampered with or forged.” 14. Whitfield Diffie and Martin E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory it–22 (November 1976): 29–40. The idea had apparently been discovered earlier by James Ellis at the British Government Communication Headquar- ters, but it was not then published; see Baker and Hurst, The Limits of Trust, xvii–xviii. 15. Even if the wires are tapped, this type of encryption still achieves its magic. We can get a hint of how in a series of cases whose accumulating impact makes the potential clear. A. If I want to send a message to you that I know only you will be able to read, I can take your public key and use it to encrypt that message. Then I can send that message to you know- ing that only the holder of the private key (presumably you) will be able to read it. Advantage: My message to you is secure. Disadvantage:You can’t be sure it is I who sent you the message. Because anyone can encrypt a message using your public key and then send it to you, you have no way to be certain that I was the one who sent it. Therefore, consider the next example. B. Before I send the message I have encrypted with your public key, I can encrypt it with my private key. Then when you receive the message from me, you can first decrypt it with my public key, and then decrypt it again with your private key. After the first decryption, you can be sure that I (or the holder of my private key) was the one who sent you the message; after the second decryption, you can be sure that only you (or other holders of your private key) actually read the content of the message. But how do you know that what I say is the public key of Larry Lessig is actually the public key of Larry Lessig? How can you be sure, that is, that the public key you are using is actually the public key it purports to be? Here is where the next example comes in. C. If there is a trustworthy third party (say, my bank, or the Federal Reserve Board, or the ACLU) with a public key (a fact I am able to verify because of the prominence of the institu- tion), and that third party verifies that the public key of Larry Lessig is actually the public key of Larry Lessig, then along with my message sent to you, encrypted first in your public key and second in my private key, would be a certificate, issued by that institution, itself encrypted with the institution’s private key. When you receive the message, you can use the institution’s public key to decrypt the certificate; take from the certificate my public key (which you now are fairly confident is my public key); decrypt the message I sent you with the key held in the cer- tificate (after which you are fairly confident comes from me); and then decrypt the message encrypted with your public key (which you can be fairly confident no one else has read). If we did all that, you would know that I am who I say I am and that the message was sent by me; I would know that only you read the message; and you would know that no one else read the message along the way. notes to chapter four 353

367

Embed Size (px)

DESCRIPTION

VBCBN

Citation preview

Page 1: 367

Texas Tex. Penal Code § 32.51Utah Utah Code Ann. § 76–6-1101–1104Virginia Va. Code Ann. § 18.2–186.3Washington Wash. Rev. Code § 9.35.020West Virginia W.Va. Code § 61–3-54Wisconsin Wis. Stat. § 943.201Wyoming Wyo. Stat. Ann. § 6–3-901

11. Stewart A. Baker and Paul R. Hurst, The Limits of Trust: Cryptography, Governments,and Electronic Commerce (Boston: Kluwer Law International, 1998), xv.

12. Ibid.13. See Hal Abelson et al., “The Risks of Key Recovery, Key Escrow, and Trusted Third-

Party Encryption,”WorldWideWeb Journal 2 (1997): 241, 245: “Although cryptography has tra-ditionally been associated with confidentiality, other cryptographic mechanisms, such asauthentication codes and digital signatures, can assure that messages have not been tamperedwith or forged.”

14. Whitfield Diffie and Martin E. Hellman, “New Directions in Cryptography,” IEEETransactions on Information Theory it–22 (November 1976): 29–40. The idea had apparentlybeen discovered earlier by James Ellis at the British Government Communication Headquar-ters, but it was not then published; see Baker and Hurst, The Limits of Trust, xvii–xviii.

15. Even if the wires are tapped, this type of encryption still achieves its magic.We can geta hint of how in a series of cases whose accumulating impact makes the potential clear.

A. If I want to send a message to you that I know only you will be able to read, I can takeyour public key and use it to encrypt that message. Then I can send that message to you know-ing that only the holder of the private key (presumably you) will be able to read it. Advantage:My message to you is secure. Disadvantage: You can’t be sure it is I who sent you the message.Because anyone can encrypt a message using your public key and then send it to you, youhave no way to be certain that I was the one who sent it. Therefore, consider the next example.

B. Before I send the message I have encrypted with your public key, I can encrypt it withmy private key. Then when you receive the message from me, you can first decrypt it with mypublic key, and then decrypt it again with your private key. After the first decryption, you canbe sure that I (or the holder of my private key) was the one who sent you the message; after thesecond decryption, you can be sure that only you (or other holders of your private key) actuallyread the content of the message. But how do you know that what I say is the public key of LarryLessig is actually the public key of Larry Lessig? How can you be sure, that is, that the public keyyou are using is actually the public key it purports to be? Here is where the next examplecomes in.

C. If there is a trustworthy third party (say, my bank, or the Federal Reserve Board, or theACLU) with a public key (a fact I am able to verify because of the prominence of the institu-tion), and that third party verifies that the public key of Larry Lessig is actually the public keyof Larry Lessig, then along with mymessage sent to you, encrypted first in your public key andsecond in my private key, would be a certificate, issued by that institution, itself encryptedwith the institution’s private key. When you receive the message, you can use the institution’spublic key to decrypt the certificate; take from the certificate my public key (which you now arefairly confident is my public key); decrypt the message I sent you with the key held in the cer-tificate (after which you are fairly confident comes from me); and then decrypt the messageencrypted with your public key (which you can be fairly confident no one else has read). If wedid all that, you would know that I am who I say I am and that the message was sent by me; Iwould know that only you read the message; and you would know that no one else read themessage along the way.

notes to chapter four 353

0465039146-RM 12/5/06 12:31 AM Page 353

Edicion 367

Edicion 367

Documents
Electromagnetics (ENGR 367)

Electromagnetics (ENGR 367)

Documents
Katalog SAS-99 · QUALITÄT AUS EDELSTAHL ... stock no. 367 010 003 367 010 004 367 010 005 367 010 006 367 010 008 367 010 010 M M M M M 3 4 5 6 8 MIO d2

Katalog SAS-99 · QUALITÄT AUS EDELSTAHL ... stock no. 367 010 003 367 010 004 367 010 005 367 010 006 367 010 008 367 010 010 M M M M M 3 4 5 6 8 MIO d2

Documents
Edición Nº 367

Edición Nº 367

Documents
Boletín N° 367

Boletín N° 367

Documents
Bureo | Edición 367

Bureo | Edición 367

Documents
Sport magazine 367

Sport magazine 367

Documents
DECRETO 367

DECRETO 367

Documents
брой16 (367)

брой16 (367)

Documents
El Universal 367

El Universal 367

Documents
367 batdangthuc chon

367 batdangthuc chon

Science
Jornal Afolha 367

Jornal Afolha 367

Documents
Electromagnetics (ENGR 367)

Electromagnetics (ENGR 367)

Documents
Edição 367

Edição 367

Documents
JURISPRUDENCIA Roj: SAP A 367/2019 ECLI:ES:APA:2019:367

JURISPRUDENCIA Roj: SAP A 367/2019 ECLI:ES:APA:2019:367

Documents
367 Outline

367 Outline

Documents
Pečat br. 367

Pečat br. 367

Documents
Metropolitano 367

Metropolitano 367

Documents
367 Tanzania

367 Tanzania

Documents
one piece 367

one piece 367

Documents
KM 367-20190710174757 ·

KM 367-20190710174757 ·

Documents
Semanal 367

Semanal 367

Documents
367 América Economía

367 América Economía

Documents
alnaspaper no.367

alnaspaper no.367

Documents
367 blower

367 blower

Documents
Manual 367

Manual 367

Documents
Roch 367 Existential

Roch 367 Existential

Documents
GPC 367 Enuresis

GPC 367 Enuresis

Documents
aut aut 367

aut aut 367

Documents
Nicasoft 367

Nicasoft 367

Documents