CFP: PKI research workshop
pasward at big.uwaterloo.ca
pasward at big.uwaterloo.ca
Mon Jan 14 10:04:21 EST 2002
Eric Rescorla writes:
> Ben Laurie <ben at algroup.co.uk> writes:
>
> > Michael Sierchio wrote:
> > >
> > > Carl Ellison wrote:
> > >
> > > > If that's not good enough for you, go to https://store.palm.com/
> > > > where you have an SSL secured page. SSL prevents a man in the middle
> > > > attack, right? This means your credit card info goes to Palm
> > > > Computing, right? Check the certificate.
> > >
> > > To be fair, most commercial CA's require evidence of "right to use"
> > > a FQDN in an SSL server cert. But your point is apt.
> >
> > And most (all?) commercial CAs then disclaim any responsibility for
> > having actually checked that right correctly...
> While this is true, I'd point out that all the security software
> you're using disclaims any responsibility for not having gaping
> security holes.
If an automaker disclaimed liability for a vehicle, and a negligent
design or manufacture resulted in injury or loss, it is my
understanding that the liability disclaimer notwithstanding, the
automaker would be held responsible. Why do we believe that the same
would not be the case for software?
Paul Ward
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list