[11109] in cryptography@c2.net mail archive
Re: IP: SSL Certificate "Monopoly" Bears Financial Fruit
daemon@ATHENA.MIT.EDU (Enzo Michelangeli)
Sun Jul 14 10:48:35 2002
Reply-To: "Enzo Michelangeli" <em@em.no-ip.com>
From: "Enzo Michelangeli" <em@who.net>
To: <cryptography@wasabisystems.com>
Date: Sun, 14 Jul 2002 21:44:19 +0800
----- Original Message -----
From: "Lucky Green" <shamrock@cypherpunks.to>
To: <cryptography@wasabisystems.com>; <cypherpunks@lne.com>
Sent: Sunday, July 14, 2002 11:55 AM
Subject: RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit
> > The cert shows that it's issued by Equifax, however.
>
> The cert shows as being issued by Equifax because Geotrust purchased
> Equifax's root embedded in major browsers since MSIE 5 on the secondary
> market. (Geotrust purchased more than just the root).
This raises an interesting legal issue. Should any loss from a mis-issued
cert arise to a party who trusted the "Equifax" brand name shown in the cert
chain, but doesn't know (or want to know) anything about Geotrust, who would
be liable?
(Yeah, I know, any liability is usually disclaimed away, but I mean: which
one of the two is supposed to represent the "trusted" thirt party?)
Enzo
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
