[anti-abuse-wg] Is the LoA DoA for Routing? - article at FIRST blog

Greetings,

On Friday, 19 January 2024 at 11:40, Richard Clayton <richard at highwayman.com> wrote:

> A key point that the article misses is that yes, LOAs can (and have
> been) forged. 

Yes, that didn't reach the final version in an explicit way... :-)



> However forging them is a criminal act (in the US it will
> be charged under "wirefraud" statutes) -- and numerous of the criminal
> proceedings which have been undertaken for theft of IP resources have
> used the wirefraud statutes.

Luckly! :-)

 
> Yes, stealing a private key (or guessing a password to it) and then
> creating cryptographic signed objects is also likely to be criminal but
> it may be somewhat harder for courts to understand (and for the matter
> for prosecutors to identify suitable caselaw that makes the current > case
> somewhat more open and shut).

I completely agree. And there is a fairly recent & notorious case...

 
> [[ Also, I have been told that some forgeries are laughably inept,
> whereas laughably weak passwords are a little harder to spot ]]

Nonetheless, the key idea is that we should be turning to "cryptographic trust", instead of papers (forged or not).


Best Regards,
Carlos


 
> --
> richard Richard Clayton
> 
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
> --
> 
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/