[11111] in cryptography@c2.net mail archive
RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit
daemon@ATHENA.MIT.EDU (Lucky Green)
Mon Jul 15 10:09:49 2002
From: "Lucky Green" <shamrock@cypherpunks.to>
To: <cryptography@wasabisystems.com>
Date: Sun, 14 Jul 2002 23:27:42 -0700
In-Reply-To: <029001c22b3c$99d37740$0200000a@emnb>
Enzo wrote quoting Lucky:
> > The cert shows as being issued by Equifax because Geotrust
> purchased
> > Equifax's root embedded in major browsers since MSIE 5 on the
> > secondary market. (Geotrust purchased more than just the root).
>
> This raises an interesting legal issue. Should any loss from
> a mis-issued cert arise to a party who trusted the "Equifax"
> brand name shown in the cert chain, but doesn't know (or want
> to know) anything about Geotrust, who would be liable?
>
> (Yeah, I know, any liability is usually disclaimed away, but
> I mean: which one of the two is supposed to represent the
> "trusted" thirt party?)
I suspect that until there is more case law related to digital
certificates, this question will be very challenging to answer.
--Lucky
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
