At 12:09 PM -0500 1/14/02, John S. Denker wrote:
>...
>Returning to PKI in particular and software defects in
>particular: Let's not make this a Right-versus-Wrong
>issue. There are intricate and subtle issues here.
>Most of these issues are negotiable.
>
>In particular, you can presumably get somebody to insure
>your whole operation, for a price. In the grand scheme
>of things, it doesn't matter very much whether you (the
>PKI buyer/user) obtain the insurance directly, or whether
>the other party (the PKI maker/vendor) obtains the insurance
>and passes the cost on to you. The insurer doesn't much
>care; the risk is about the same either way.
>
The point is that the risks are not the same. A CA can lower the cost of insurance it sells by taking additional precautions to reduce risk. The CA is also in a better position to estimate the true premium. A third party has to charge a very high premium since it is in a poorer position to make an accurate assessment of the risk.

There would be a way for third parties to reduce their risk if some simple mechanism existed for independent verification of certificates. I once proposed that all PGP users display a small card containing their key fingerprint in a window near their front door. The corporate equivalent would be for organizations to display a hash of a master signing key in their main and branch lobbies. Anyone could then verify this key if they wanted to. There might be a bounty for discovering any irregularity.

A network of certificate insurers might develop who would go from office to office recording fingerprints and then selling lists by subscription along with a guarantee of reimbursement for damages up to a certain amount if any of their data were incorrect.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
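The out-of-band check Reinhold's proposal relies on, as an added example that is not part of the original thread: an insurer records the fingerprint card shown in each lobby, and a subscriber compares the key presented in a certificate against those records, treating disagreement between an organization's own lobbies as the irregularity that would earn a bounty. SHA-256 as the fingerprint hash, the organization names and the key byte strings are all constructed assumptions, not values from the post.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Tuple

def fingerprint(key_bytes: bytes) -> str:
    """Fingerprint of a master signing key: SHA-256 of the public key bytes,
    rendered as 4-hex-digit groups so it can be printed on a lobby card.
    (The post says only "a hash"; SHA-256 is this example's assumption.)"""
    digest = hashlib.sha256(key_bytes).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

# Constructed sample keys standing in for real public keys (hypothetical).
ACME_MASTER_KEY = b"-----ACME MASTER SIGNING KEY (constructed sample)-----"
SUBSTITUTE_KEY = b"-----SUBSTITUTE KEY (constructed sample)-----"
WIDGETS_MASTER_KEY = b"-----WIDGETS MASTER SIGNING KEY (constructed sample)-----"

# The insurer's register: fingerprints copied off the card displayed in each
# lobby, keyed by organization then location. Constructed data.
REGISTER: Dict[str, Dict[str, str]] = {
    "Acme Corp": {
        "Head office": fingerprint(ACME_MASTER_KEY),
        "Branch A": fingerprint(ACME_MASTER_KEY),
        "Branch B": fingerprint(ACME_MASTER_KEY),
    },
    "Widgets Ltd": {
        "Head office": fingerprint(WIDGETS_MASTER_KEY),
        "Branch A": fingerprint(WIDGETS_MASTER_KEY),
        # One lobby shows a different card: the irregularity a bounty would reward.
        "Branch B": fingerprint(SUBSTITUTE_KEY),
    },
}

def check_key(org: str, presented_key: bytes,
              register: Dict[str, Dict[str, str]] = REGISTER) -> Tuple[str, List[str]]:
    """Return (verdict, dissenting_locations).
    'ok'        the presented key matches every recorded card;
    'mismatch'  the cards agree with each other but not with the presented key;
    'irregular' the organization's own cards disagree, so no guarantee should be
                issued until an inspector resolves it (dissenting lobbies listed);
    'unknown'   the insurer holds no records for this organization."""
    cards = register.get(org)
    if not cards:
        return "unknown", []
    majority_fp, _ = Counter(cards.values()).most_common(1)[0]
    dissenting = sorted(loc for loc, fp in cards.items() if fp != majority_fp)
    if dissenting:
        return "irregular", dissenting
    if fingerprint(presented_key) != majority_fp:
        return "mismatch", []
    return "ok", []
```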