[10108] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jan 14 10:47:59 2002
To: <pasward@big.uwaterloo.ca>
Cc: Ben Laurie <ben@algroup.co.uk>, kudzu@tenebras.com,
Carl Ellison <cme@acm.org>, Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 14 Jan 2002 07:10:21 -0800
In-Reply-To: <pasward@big.uwaterloo.ca>'s message of "Mon, 14 Jan 2002 10:04:21 -0500"
Message-ID: <kjy9j1arz6.fsf@romeo.rtfm.com>

<pasward@big.uwaterloo.ca> writes:
> Eric Rescorla writes:
> > Ben Laurie <ben@algroup.co.uk> writes:
> > > And most (all?) commercial CAs then disclaim any responsibility for
> > > having actually checked that right correctly...
> > While this is true, I'd point out that all the security software
> > you're using disclaims any responsibility for not having gaping
> > security holes.
>
> If an automaker disclaimed liability for a vehicle, and a negligent
> design or manufacture resulted in injury or loss, it is my
> understanding that the liability disclaimer notwithstanding, the
> automaker would be held responsible. Why do we believe that the same
> would not be the case for software?

In that case, why should the liability also apply to CAs, despite their
disclaimers?

-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/