On 05/05/09 14:01, Thierry Moreau wrote:
Before the collapse of the .com market in year 2000, there were
grandiose views of "global PKIs," even with support by digital signature

Actually, it turned out that CA liability avoidance was the golden rule
at the law and business model abstraction level. Bradford Biddle
published a couple of articles on this topic, e.g. in the San Diego Law
Review, Vol 34, No 3.

The main lesson (validated after the PKI re-birth post-2002) is that no
entity will ever position itself as a commercially viable global CA
unless totally devoid of liability towards relying parties.

Thus no punishment is conceivable beyond the Peter's opinions (they are
protected by Freedom of speech at least). That was predicted by the Brad
Biddle analysis 12 years ago.

we had been brought in to help word-smith the cal. state electronic signature law. there was some legal 
types who very clearly differentiated what was required for something to be considered "human 
signature" (implication that something has been read, understood, agrees, approves, &/or 
authorizes) and PKI "digital signatures" used for authentication.

we've periodically commented that there may be some cognitive dissonance because both 
terms contain the word "signature".

slightly related pontification

regarding this recent article mentioning SSL

Inventor: SSL security woes are really the fault of browser design

40+yrs virtualization experience (since Jan68), online at home since Mar70

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to