<[EMAIL PROTECTED]> writes:
> Eric Rescorla writes:
> > <[EMAIL PROTECTED]> writes:
> > > If an automaker disclaimed liability for a vehicle, and a negligent
> > > design or manufacture resulted in injury or loss, it is my
> > > understanding that the liability disclaimer notwithstanding, the
> > > automaker would be held responsible. Why do we believe that the same
> > > would not be the case for software?
> > In that case, why should the liability also apply to CAs, despite their
> > disclaimers?
>
> Do you mean "why should," or "why shouldn't?" If the latter, then,
> sure, I believe it should. People running around in business selling
> products and services and then disclaiming any liability with regard
> to their performance _for_their_intended_task_ is, IMHO, wrong.
Right. My point is this:
Security people often argue that PKI is worthless on the grounds that
the CAs disclaim all liability. This argument leads to the conclusion
that security is essentially worthless since scurity software
almost invariably comes with a disclaimer of all liability.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
