From: Michael Froomkin <froomkin@law.miami.edu>
To: cypherpunks <cypherpunks@toad.com>
Message Hash: 8d6a7fbf87df73651fb6084413c214bb1e8b0df95cbbf12b076fb27fc4a995b7
Message ID: <Pine.SUN.3.91.960108172534.14719h-100000@viper.law.miami.edu>
Reply To: N/A
UTC Datetime: 1996-01-08 22:39:02 UTC
Raw Date: Tue, 9 Jan 1996 06:39:02 +0800
Subject: Certificates: limiting your liability with reuse limitations
Suppose I am a CA. I am worried that by issuing a certificate with a
lifespan of more than 2 milliseconds I am opening myself up to unlimited
liability if for some reason, despite my best efforts, I issue an
erroneous certificate.

I know I can write disclaimers, but that's not reliable since courts
often ignore them, and anyway it scares off customers.

I know I can put an expiration date on the certificate, but that's not
enough. I can accumulate a lot of exposure in a few seconds, much less
weeks.

I know I can put a reliance limit in the X.509 ver 3 certificate, but
that's not enough. Even a $1 limit could be used many millions of times.

Is it feasible to say: Can only be relied on once per day/week/month?
Is this something the relying parties can reasonably be expected to monitor?

It seems to me that this sort of a limit is essential if a CA is to feel
comfortable outside Utah....

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.