[10107] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (pasward@big.uwaterloo.ca)
Mon Jan 14 10:46:14 2002
From: <pasward@big.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15426.62325.233088.594395@sandrock.uwaterloo.ca>
Date: Mon, 14 Jan 2002 10:04:21 -0500
To: EKR <ekr@rtfm.com>
Cc: Ben Laurie <ben@algroup.co.uk>, kudzu@tenebras.com,
Carl Ellison <cme@acm.org>, Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
In-Reply-To: <kj1ygtc82s.fsf@romeo.rtfm.com>
Eric Rescorla writes:
> Ben Laurie <ben@algroup.co.uk> writes:
>
> > Michael Sierchio wrote:
> > >
> > > Carl Ellison wrote:
> > >
> > > > If that's not good enough for you, go to https://store.palm.com/
> > > > where you have an SSL secured page. SSL prevents a man in the middle
> > > > attack, right? This means your credit card info goes to Palm
> > > > Computing, right? Check the certificate.
> > >
> > > To be fair, most commercial CA's require evidence of "right to use"
> > > a FQDN in an SSL server cert. But your point is apt.
> >
> > And most (all?) commercial CAs then disclaim any responsibility for
> > having actually checked that right correctly...
> While this is true, I'd point out that all the security software
> you're using disclaims any responsibility for not having gaping
> security holes.
If an automaker disclaimed liability for a vehicle, and a negligent
design or manufacture resulted in injury or loss, it is my
understanding that the liability disclaimer notwithstanding, the
automaker would be held responsible. Why do we believe that the same
would not be the case for software?
Paul Ward
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
