----- Original Message ----- From: "Lucky Green" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, July 14, 2002 11:55 AM Subject: RE: IP: SSL Certificate "Monopoly" Bears Financial Fruit
> > The cert shows that it's issued by Equifax, however. > > The cert shows as being issued by Equifax because Geotrust purchased > Equifax's root embedded in major browsers since MSIE 5 on the secondary > market. (Geotrust purchased more than just the root). This raises an interesting legal issue. Should any loss from a mis-issued cert arise to a party who trusted the "Equifax" brand name shown in the cert chain, but doesn't know (or want to know) anything about Geotrust, who would be liable? (Yeah, I know, any liability is usually disclaimed away, but I mean: which one of the two is supposed to represent the "trusted" thirt party?) Enzo --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
