Enzo wrote quoting Lucky: > > The cert shows as being issued by Equifax because Geotrust > purchased > > Equifax's root embedded in major browsers since MSIE 5 on the > > secondary market. (Geotrust purchased more than just the root). > > This raises an interesting legal issue. Should any loss from > a mis-issued cert arise to a party who trusted the "Equifax" > brand name shown in the cert chain, but doesn't know (or want > to know) anything about Geotrust, who would be liable? > > (Yeah, I know, any liability is usually disclaimed away, but > I mean: which one of the two is supposed to represent the > "trusted" thirt party?)
I suspect that until there is more case law related to digital certificates, this question will be very challenging to answer. --Lucky --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]