In the last few weeks, mostly under the subject of creating a Cypherpunks Certification Authority, someone mentioned legal liability of a CA if a certified identity was misused. I am looking for material to pass on to a REAL, PAID net-savvy lawyer relating to this question. In return for the money we pay him, he will return an opinion on just what liability exposure would be for, say, a large technical users group who got into the CA business for PGP keys. And/or what disclaimers or indemnities would be needed. I would be happy to make his legal opinion available to the list. IANAL, so I don't know just what precedents, decisions, regulations, and so on might be relevent. More information is always a good thing. Please: 1. reply to me by mail, not the list, unless there is more general relevence to Cypherpunks. I'll summarise. 2. Speculation is not useful. thanks, Greg. -- Greg Rose INTERNET: greg_rose@sydney.sterling.com Sterling Software VOICE: +61-2-9975 4777 FAX: +61-2-9975 2921 28 Rodborough Rd. http://www.sydney.sterling.com:8080/~ggr/ French's Forest 35 0A 79 7D 5E 21 8D 47 E3 53 75 66 AC FB D9 45 NSW 2086 Australia. co-mod sci.crypt.research, USENIX Director.