Certificates: limiting your liability with reuse limitations
Suppose I am a CA. I am worried that by issuing a certificate with a
lifespan of more than 2 milliseconds I am opening myself up to unlimited
liability if for some reason, despite my best efforts, I issue an
erroneous certificate.
I know I can write disclaimers, but that's not reliable since courts
often ignore them, and anyway it scares off customers.
I know I can put an expiration date on the certificate, but that's not
enough. I can accumulate a lot of exposure in a few seconds, much less
weeks.
I know I can put a reliance limit in the X.509 ver 3 certificate, but
that's not enough. Even a $1 limit could be used many millions of times.
Is it feasible to say: Can only be relied on once per day/week/month?
Is this something the relying parties can reasonably be expected to monitor?
It seems to me that this sort of a limit is essential if a CA is to feel
comfortable outside Utah....
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | [email protected]
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.