On 05/05/09 14:01, Thierry Moreau wrote:
> Before the collapse of the .com market in year 2000, there were
> grandiose views of "global PKIs," even with support by digital signature
> laws.
>
> Actually, it turned out that CA liability avoidance was the golden rule
> at the law and business model abstraction level. Bradford Biddle
> published a couple of articles on this topic, e.g. in the San Diego Law
> Review, Vol 34, No 3.
>
> The main lesson (validated after the PKI re-birth post-2002) is that no
> entity will ever position itself as a commercially viable global CA
> unless totally devoid of liability towards relying parties.
>
> Thus no punishment is conceivable beyond the Peter's opinions (they are
> protected by Freedom of speech at least). That was predicted by the Brad
> Biddle analysis 12 years ago.

we had been brought in to help word-smith the cal. state electronic
signature law. there were some legal types who very clearly
differentiated what was required for something to be considered "human
signature" (implication that something has been read, understood,
agrees, approves, &/or authorizes) and PKI "digital signatures" used
for authentication.

we've periodically commented that there may be some cognitive
dissonance because both terms contain the word "signature".

slightly related pontification
http://www.garlic.com/~lynn/2009g.html#48

regarding this recent article mentioning SSL

Inventor: SSL security woes are really the fault of browser design
http://www.fiercecio.com/techwatch/story/inventor-ssl-security-woes-really-fault-browser-design/2009-05-05

--
40+yrs virtualization experience (since Jan68), online at home since Mar70

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com