CFP: PKI research workshop

Eric Rescorla ekr at rtfm.com
Mon Jan 14 10:24:25 EST 2002


<pasward at big.uwaterloo.ca> writes:

> Eric Rescorla writes:
>  > <pasward at big.uwaterloo.ca> writes:
>  > > If an automaker disclaimed liability for a vehicle, and a negligent
>  > > design or manufacture resulted in injury or loss, it is my
>  > > understanding that the liability disclaimer notwithstanding, the
>  > > automaker would be held responsible.  Why do we believe that the same
>  > > would not be the case for software?
>  > In that case, why should the liability also apply to CAs, despite their
>  > disclaimers?
> 
> Do you mean "why should," or "why shouldn't?"  If the latter, then,
> sure, I believe it should.  People running around in business selling
> products and services and then disclaiming any liability with regard
> to their performance _for_their_intended_task_ is, IMHO, wrong.

Right. My point is this:
Security people often argue that PKI is worthless on the grounds that
the CAs disclaim all liability. This argument leads to the conclusion
that security is essentially worthless since security software
almost invariably comes with a disclaimer of all liability.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/



---------------------------------------------------------------------
The Cryptography Mailing List