From: Michael Froomkin <froomkin@law.miami.edu>
To: Andreas Bogk <andreas@artcom.de>
Message Hash: 40004a4240a1b6039ebb5e7e270b49be12b0e23b42272ffdde8a7cc997b76480
Message ID: <Pine.SUN.3.91.951125150446.848J-100000@viper.law.miami.edu>
Reply To: <m0tJPeV-0002eCC@horten>
UTC Datetime: 1995-11-25 20:29:09 UTC
Raw Date: Sun, 26 Nov 1995 04:29:09 +0800
From: Michael Froomkin <froomkin@law.miami.edu>
Date: Sun, 26 Nov 1995 04:29:09 +0800
To: Andreas Bogk <andreas@artcom.de>
Subject: Re: Cypherpunk Certification Authority
In-Reply-To: <m0tJPeV-0002eCC@horten>
Message-ID: <Pine.SUN.3.91.951125150446.848J-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain
Alas, certain critical social steps have been elided in the proposed
protocol. As it happens, I'm working on an article, to be published in
the Oregon Law Review next year, on "The Importance of Trusted Third
Parties in Electronic Commerce". It's mostly about the care and feeding
(and legal liability!) of a CA. Unfortunately for this discussion, I'm
only part way through my thinking about what the liability of a CA might
be so I don't have carefully considered conclusions to offer you. Try me
again in a few weeks.
In the absence of legislation...
[PLUG: if you haven't already done so, RUSH to my homepage
http://www.law.miami.edu/~froomkin
and click on the link to the ABA draft of the digital signature
guidelines. This mis-named document is actually all about CA liability.
Comment period now extended to mid-January.]
...you need to worry about who might *use* the certificates, and what they
might to do the CA in the case of mis-certification or other misfortune.
At the very least, there is a tort claim for "negligent
mis-representation" the first time an inaccurate certificate, or an
accurate certificate referencing a compromised key, is used in a
transaction that goes sour.
I don't give legal advice on line, ever, so I can't tell you how to avoid
liability. I'm not even sure that this is possible absent legislation. I
can, however, mention techniques that at this writing seem to me to be an
essential part of any liability-reduction strategy, without any claim that
these alone suffice to protect you to the level that I would want to be
protected (I'm a cautious guy).
Repeat: I do claim that pending further thought these steps seem necessary,
**not** that they are sufficient:
A) Establish a clear certification policy document, describing in detail
what checks are made before issuing a certificate, how quickly CRLs are
posted, and where. This doesn't mean onerous checks are necessary, just
that you need to be clear as to what checking a certficiate from you
emboidies. Publish this document.
B) Reference this policy document in every certificate.
C) Don't settle for less than X.509 ver 3, because this allows the
certificate to carry within it a reference to the location of the CRL
list. Use that feature.
D) Establish a very reliable mechanism to ensure CRLs are posted where
and when they should be.
E) Use a secure, trusted, computer system.
Again, I note that this is NOT a complete list of what you need to do.
For more inspiration consult the ABA document referenced above.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.
Return to November 1995
Return to “sameer <sameer@c2.org>”