On 7 Dec, 2011, at 11:34 AM, ianG wrote: > > Right, but it's getting closer to the truth. Here is the missing link. > > Revocation's purpose is one and only one thing: to backstop the liability to > the CA.
I understand what you're saying, but I don't agree. CAs have always punted liability. At one point, SSL certs came with a huge disclaimer in them in ASCII disclaiming all liability. Any CA that accepts liability is daft. I mean -- why would you do that? Every software license in the world has a liability statement in it that essentially says they don't even guarantee that the software contains either ones or zeroes. Why would certificates be any different? I don't think it really exists, not the way it gets thrown around as a term. Liability is a just a bogeyman -- don't go into the woods alone at night, because the liability will get you! Jon _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography