-----BEGIN PGP SIGNED MESSAGE----- A. Michael Froomkin writes:
I know I can put an expiration date on the certificate, but that's not enough. I can accumulate a lot of exposure in a few seconds, much less weeks.
I know I can put a reliance limit in the X.509 ver 3 certificate, but that's not enough. Even a $1 limit could be used many millions of times.
Is it feasabile to say: Can only be relied on once per day/week/month?
This sounds like it would present the same exposure problems as an expiration date, but perhaps be more difficult to impose. As you said above, you can assume huge liability in a few seconds, even if you're only given a few seconds a week. Also, I don't immediately see a way to arrange this on the technical side that doesn't reduce to using something that expires and replacing/refreshing it periodically. Of course, the net is in some ways excellent for that sort of application. How about combining value limits with time limits ? Over the wire, using low value limits and replacing them frequently might be a workable solution.
Is this something the relying parties can reasonably be expected to monitor?
This sounds like a legal question, so I don't think I can offer a useful response. Futplex <futplex@pseudonym.com> "I think every player in the NFL should have to go through grad school. It would be a great humbler." -Matt Miller, Cleveland Browns 1979-1983, Ph.D. Georgia Tech 1993 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMPGj8SnaAKQPVHDZAQG/NQf/V5toCNRKaSZjVwACN663gWbq0rysZq3r 7d/XKAZHCUWoaYWS4RkaF101/0t7jEAww+wggrl02MNximN7Ku/CM1sJkDT/Ixzm KCAQwl96ov3UgBYkol66ubciHRmX897NszCwqEgoc/pcOq2rLvhjskUZXt0WHhU7 U10/00/Zg86kAsCo3xUAB3ci4t9Pk2YJigg5n23vJfuN3j0BpKcGW9B7McP9fm59 V8bBp1CDF3Ey5XwPaaNkwmuYlT7QVyDlEOYu0EppzvQdT2PyXT8B9cAjGR5PO8IJ xUIkxmXmfPlRxjJVUTSfvf3gKJnK1ax09sPDwNiA6/JAtHXPTo5llw== =rHvs -----END PGP SIGNATURE-----