IP: SSL Certificate "Monopoly" Bears Financial Fruit
Lucky Green
shamrock at cypherpunks.to
Mon Jul 15 02:27:42 EDT 2002
Enzo wrote quoting Lucky:
> > The cert shows as being issued by Equifax because Geotrust
> purchased
> > Equifax's root embedded in major browsers since MSIE 5 on the
> > secondary market. (Geotrust purchased more than just the root).
>
> This raises an interesting legal issue. Should any loss from
> a mis-issued cert arise to a party who trusted the "Equifax"
> brand name shown in the cert chain, but doesn't know (or want
> to know) anything about Geotrust, who would be liable?
>
> (Yeah, I know, any liability is usually disclaimed away, but
> I mean: which one of the two is supposed to represent the
> "trusted" thirt party?)
I suspect that until there is more case law related to digital
certificates, this question will be very challenging to answer.
--Lucky
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list