Greetings, On Friday, 19 January 2024 at 11:40, Richard Clayton <richard@highwayman.com> wrote:
A key point that the article misses is that yes, LOAs can (and have been) forged.
Yes, that didn't reach the final version in an explicit way... :-)
However forging them is a criminal act (in the US it will be charged under "wirefraud" statutes) -- and numerous of the criminal proceedings which have been undertaken for theft of IP resources have used the wirefraud statutes.
Luckly! :-)
Yes, stealing a private key (or guessing a password to it) and then creating cryptographic signed objects is also likely to be criminal but it may be somewhat harder for courts to understand (and for the matter for prosecutors to identify suitable caselaw that makes the current > case somewhat more open and shut).
I completely agree. And there is a fairly recent & notorious case...
[[ Also, I have been told that some forgeries are laughably inept, whereas laughably weak passwords are a little harder to spot ]]
Nonetheless, the key idea is that we should be turning to "cryptographic trust", instead of papers (forged or not). Best Regards, Carlos
-- richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 --
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg