Ian G wrote:There is no judgement without liability, and in
the US, no liability without being sued.
I've raised this issue before, repeatedly, and Frank has always replied that ... Well, I'll let him reply.
Straight from the metapolicy:
"First, the primary risk associated with CA certificate selection is a security risk. The legal risk is secondary, in the sense that it is a consequence of the security risk and not vice versa; therefore the policy should address security risks first and foremost. Second, the people creating and implementing the policy are not in a position to assess legal risks and attempt to mitigate them, given that a) they are not lawyers, and b) even if they were lawyers, they would not necessarily be in a formal attorney/client relationship with all the parties with a stake in this policy.
"More specifically: Any legal risk to the Mozilla Foundation as a result of this policy is for the officers and board of the Mozilla Foundation to judge, based on advice from Mozilla Foundation counsel. This policy will be submitted to the Mozilla Foundation for review and approval before its formal adoption, and that's the proper time for them to do any analysis needed and propose any desired changes to the policy."
How much money has Mozilla Foundation got?
Enough to hire real lawyers :-)
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
