1996-03-09 - Re: Not a good idea…

Header Data

From: djw@vplus.com (Dan Weinstein)
To: cypherpunks@toad.com
Message Hash: 50e36d327f8a14a10e43cea7a7ae2bb5f6b0cc3b50c6860496d47d7cdeb0fe80
Message ID: <3140ad62.11966620@mail.vplus.com>
Reply To: <199603081914.NAA02963@proust.suba.com>
UTC Datetime: 1996-03-09 02:14:29 UTC
Raw Date: Sat, 9 Mar 1996 10:14:29 +0800

Raw message

From: djw@vplus.com (Dan Weinstein)
Date: Sat, 9 Mar 1996 10:14:29 +0800
To: cypherpunks@toad.com
Subject: Re: Not a good idea...
In-Reply-To: <199603081914.NAA02963@proust.suba.com>
Message-ID: <3140ad62.11966620@mail.vplus.com>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 8 Mar 1996 13:14:25 -0600 (CST), Alex Strasheim
<cp@proust.suba.com> wrote:

>Who's liable?  Me, Verisign, or Netscape?  All of us?  
>
>I suspect that if I pass credit card numbers to thieves I'll get in
>trouble, but I don't have any assets.
>
>Verisign didn't make any representations directly to the public, and they 
>probably followed the procedure they negotiated with Netscape when they 
>issued me my cert.

"For secure servers, VeriSign currently offers a 'high-assurance'
Class 3 Digital ID for electronic commerce servers. "  This is from
Verisign's home page.  They are saying that this class of certificate
is safe to do commerce with.  

>Netscape put together a complicated high-tech system and told the public
>(which doesn't understand cryptography) that their system was suitible for
>commerce -- it's even in the product's name!  They didn't build in prudent
>safeguards to prevent me from running my forms processing service, which
>is such a trivial thing to set up that it should have been forseen.  (Q:
>I've never gotten a real cert -- do I have to agree to something that
>would prohibit my forms processing business?)

I would think that netscape would only make agreements with CAs that
accepted liability.  I would also think that Netscape would only be
liable if they were found to have put in a CA that they had reason to
believe was not taking due diligence to ensure that the key really
belonged to the company that claimed to own it.

Dan Weinstein
djw@vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.

"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.        
           Friedrich Nietzsche







Thread