Re: CFP: PKI research workshop

[Michael Sierchio]

[EMAIL PROTECTED] wrote:

> If an automaker disclaimed liability for a vehicle, and a negligent
> design or manufacture resulted in injury or loss, it is my
> understanding that the liability disclaimer notwithstanding, the
> automaker would be held responsible.  Why do we believe that the same
> would not be the case for software?

Because insufficient case law exists -- some lawyers are bright
enough to see "pools of liability" with software, esp. known
vulnerabilities used in DDOS, etc. -- and we technologists are
not a litigious bunch.

What do you call someone who had a C average in law school?  "Your honor."
That's probably the other problem.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: CFP: PKI research workshop

[Michael Sierchio]

Carl Ellison wrote:

> If that's not good enough for you, go to https://store.palm.com/
> where you have an SSL secured page.  SSL prevents a man in the middle
> attack, right?  This means your credit card info goes to Palm
> Computing, right?  Check the certificate.

To be fair,  most commercial CA's require evidence of "right to use"
a FQDN in an SSL server cert.  But your point is apt.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]