[10110] in cryptography@c2.net mail archive
Re: CFP: PKI research workshop
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Jan 14 10:51:38 2002
To: <pasward@big.uwaterloo.ca>
Cc: Ben Laurie <ben@algroup.co.uk>, kudzu@tenebras.com,
Carl Ellison <cme@acm.org>, Phillip Hallam-Baker <hallam@ai.mit.edu>,
SPKI Mailing List <spki@wasabisystems.com>,
cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
From: Eric Rescorla <ekr@rtfm.com>
Date: 14 Jan 2002 07:24:25 -0800
In-Reply-To: <pasward@big.uwaterloo.ca>'s message of "Mon, 14 Jan 2002 10:17:57 -0500"
Message-ID: <kjvge5arbq.fsf@romeo.rtfm.com>
<pasward@big.uwaterloo.ca> writes:
> Eric Rescorla writes:
> > <pasward@big.uwaterloo.ca> writes:
> > > If an automaker disclaimed liability for a vehicle, and a negligent
> > > design or manufacture resulted in injury or loss, it is my
> > > understanding that the liability disclaimer notwithstanding, the
> > > automaker would be held responsible. Why do we believe that the same
> > > would not be the case for software?
> > In that case, why should the liability also apply to CAs, despite their
> > disclaimers?
>
> Do you mean "why should," or "why shouldn't?" If the latter, then,
> sure, I believe it should. People running around in business selling
> products and services and then disclaiming any liability with regard
> to their performance _for_their_intended_task_ is, IMHO, wrong.
Right. My point is this:
Security people often argue that PKI is worthless on the grounds that
the CAs disclaim all liability. This argument leads to the conclusion
that security is essentially worthless since security software
almost invariably comes with a disclaimer of all liability.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/