CFP: PKI research workshop
pasward at big.uwaterloo.ca
pasward at big.uwaterloo.ca
Mon Jan 14 10:17:57 EST 2002
Eric Rescorla writes:
> <pasward at big.uwaterloo.ca> writes:
>
> > Eric Rescorla writes:
> > > Ben Laurie <ben at algroup.co.uk> writes:
> > > > And most (all?) commercial CAs then disclaim any responsibility for
> > > > having actually checked that right correctly...
> > > While this is true, I'd point out that all the security software
> > > you're using disclaims any responsibility for not having gaping
> > > security holes.
> >
> > If an automaker disclaimed liability for a vehicle, and a negligent
> > design or manufacture resulted in injury or loss, it is my
> > understanding that the liability disclaimer notwithstanding, the
> > automaker would be held responsible. Why do we believe that the same
> > would not be the case for software?
> In that case, why should the liability also apply to CAs, despite their
> disclaimers?
Do you mean "why should," or "why shouldn't?" If the latter, then,
sure, I believe it should. People running around in business selling
products and services and then disclaiming any liability with regard
to their performance _for_their_intended_task_ is, IMHO, wrong.
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list