Eric Rescorla writes: > Ben Laurie <[EMAIL PROTECTED]> writes: > > > Michael Sierchio wrote: > > > > > > Carl Ellison wrote: > > > > > > > If that's not good enough for you, go to https://store.palm.com/ > > > > where you have an SSL secured page. SSL prevents a man in the middle > > > > attack, right? This means your credit card info goes to Palm > > > > Computing, right? Check the certificate. > > > > > > To be fair, most commercial CA's require evidence of "right to use" > > > a FQDN in an SSL server cert. But your point is apt. > > > > And most (all?) commercial CAs then disclaim any responsibility for > > having actually checked that right correctly... > While this is true, I'd point out that all the security software > you're using disclaims any responsibility for not having gaping > security holes.
If an automaker disclaimed liability for a vehicle, and a negligent design or manufacture resulted in injury or loss, it is my understanding that the liability disclaimer notwithstanding, the automaker would be held responsible. Why do we believe that the same would not be the case for software? Paul Ward --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
