I was reading a CPS from GeoTrust -- 91 pages of legalese! -- and came
across the following statement:

        Without limiting the generality of the foregoing, GeoTrust's
        root public keys and the root Certificates containing them,
        including all self-signed certificates, are the property of
        GeoTrust.  GeoTrust licenses software and hardware
        manufacturers to reproduce such root Certificates to place
        copies in trustworthy hardware devices or software.

Under what legal theory might a certificate -- or a key! -- be
considered "property"?  There wouldn't seem to be enough creativity in
a certificate, let alone a key, to qualify for copyright protection.

I won't even comment on the rest of the CPS, not even such gems as
"Subscribers warrant that ... their private key is protected and that
no unauthorized person has ever had access to the Subscriber's private
key."  And just how can I tell that?


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List