[10109] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (pasward@big.uwaterloo.ca)
Mon Jan 14 10:49:43 2002
From: <pasward@big.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15426.63141.571984.367940@sandrock.uwaterloo.ca>
Date: Mon, 14 Jan 2002 10:17:57 -0500
To: EKR <ekr@rtfm.com>
Cc: <pasward@big.uwaterloo.ca>, Ben Laurie <ben@algroup.co.uk>,
kudzu@tenebras.com, Carl Ellison <cme@acm.org>,
Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
In-Reply-To: <kjy9j1arz6.fsf@romeo.rtfm.com>
Eric Rescorla writes:
> <pasward@big.uwaterloo.ca> writes:
>
> > Eric Rescorla writes:
> > > Ben Laurie <ben@algroup.co.uk> writes:
> > > > And most (all?) commercial CAs then disclaim any responsibility for
> > > > having actually checked that right correctly...
> > > While this is true, I'd point out that all the security software
> > > you're using disclaims any responsibility for not having gaping
> > > security holes.
> >
> > If an automaker disclaimed liability for a vehicle, and a negligent
> > design or manufacture resulted in injury or loss, it is my
> > understanding that the liability disclaimer notwithstanding, the
> > automaker would be held responsible. Why do we believe that the same
> > would not be the case for software?
> In that case, why should the liability also apply to CAs, despite their
> disclaimers?
Do you mean "why should," or "why shouldn't?" If the latter, then,
sure, I believe it should. People running around in business selling
products and services and then disclaiming any liability with regard
to their performance _for_their_intended_task_ is, IMHO, wrong.
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
