Has any public CA ever had their certificate revoked?
Anne & Lynn Wheeler
lynn at garlic.com
Tue May 5 17:06:10 EDT 2009
On 05/05/09 14:01, Thierry Moreau wrote:
> Before the collapse of the .com market in year 2000, there were
> grandiose views of "global PKIs," even with support by digital signature
> laws.
>
> Actually, it turned out that CA liability avoidance was the golden rule
> at the law and business model abstraction level. Bradford Biddle
> published a couple of articles on this topic, e.g. in the San Diego Law
> Review, Vol 34, No 3.
>
> The main lesson (validated after the PKI re-birth post-2002) is that no
> entity will ever position itself as a commercially viable global CA
> unless totally devoid of liability towards relying parties.
>
> Thus no punishment is conceivable beyond the Peter's opinions (they are
> protected by Freedom of speech at least). That was predicted by the Brad
> Biddle analysis 12 years ago.
we had been brought in to help word-smith the cal. state electronic signature law. there was some legal types who very clearly differentiated what was required for something to be considered "human signature" (implication that something has been read, understood, agrees, approves, &/or authorizes) and PKI "digital signatures" used for authentication.
we've periodically commented that there may be some cognitive dissonance because both terms contain the word "signature".
slightly related pontification
http://www.garlic.com/~lynn/2009g.html#48
regarding this recent article mentioning SSL
Inventor: SSL security woes are really the fault of browser design
http://www.fiercecio.com/techwatch/story/inventor-ssl-security-woes-really-fault-browser-design/2009-05-05
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list