Steven M. Bellovin wrote:
> I was reading a CPS from GeoTrust -- 91 pages of legalese! -- and came
> across the following statement:
>       Without limiting the generality of the foregoing, GeoTrust's
>       root public keys and the root Certificates containing them,
>       including all self-signed certificates, are the property of
>       GeoTrust.  GeoTrust licenses software and hardware
>       manufacturers to reproduce such root Certificates to place
>       copies in trustworthy hardware devices or software.
> Under what legal theory might a certificate -- or a key! -- be
> considered "property"?  There wouldn't seem to be enough creativity in
> a certificate, let alone a key, to qualify for copyright protection.

A private key is obviously meant to be kept secret, and commercial
secrets are commonly protected as trade secrets (US terminology) or as
benefiting from the law about confidentiality (UK terminology).  The
right to have the secret kept is capable of being seen as a form of
intangible property (though whether it is useful to call it
"intellectual" seems to be contentious to some).

Forms of certificate seem to be fairly standard, and not many CAs would
have much chance of proving that they originated and owned the form they
use.  Creativity requirements vary quite widely between legal systems.
The UK requirement is not high: "originality" requires primarily that
the work originated from the author, not that it required artistic
input.  A cryptographic key should certainly satisfy that requirement.

Copyright seems to be what GeoTrust has in mind in licensing
reproduction of the certificates.

> I won't even comment on the rest of the CPS, not even such gems as
> "Subscribers warrant that ... their private key is protected and that
> no unauthorized person has ever had access to the Subscriber's private
> key."  And just how can I tell that?

A nice example of how lawyers can effectively undermine their CA
clients' claims to be adding value.

Nicholas Bohm
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF

The Cryptography Mailing List