[ Oops -- this was supposed to go to the list too. ] Michael Froomkin writes: [ Note: I've rearranged a couple of paragraphs ]
On Mon, 21 Aug 1995, Bill Stewart wrote:
can be substantial even if the suit is bogus.) Under what conditions do you expect somebody to sue a CA?
CA certifies key saying that holder has corporate power to enter into deals upto $1million. Keyholder commits fraud, arguably outside corparate powers.
CA certifies that a document is authentic and time-stamps it. Lawyers did not do due dilligence, books were cooked, everyone who touches document gets sued.
This seems to be confusing different entities. The roles in these examples aren't the CA's role. In the usual crypto lingo, the CA only certifies that a key belongs to a certain individual. Some entity within the corporation is responsible for saying whether an individual can do deals up to $1 million. Some other organization provides time-stamps (though it's possible that a CA could be dragged into your second example). But let's keep the terminology straight: a CA as used in crypto literature means the agent who certifies that "this key belongs to X" (for some definition of X).
CA certifies you are Jack Ripper based on phony id. In fact you are Sam Spade. CA sued for recovery of ensuing fraud.
In each of these cases, if the CA did exactly what it promises and no more, it (arguably) deserves a way to short-circuit the suit, thus keeping its costs down.
This is a better example to start from. I agree with your sentiment but don't necessarily agree with the conclusion. Let's start from the important "if" in your sentence. If the CA publicly guarantees only that it checks for a certain ID and can prove it did this (perhaps by producing a picture or photocopy of the ID it examined), it shouldn't have too much trouble defending the case. No reason why it should need any special short-circuit. Eventually, successful defenses will show that it's a waste of time to attack the CA if the CA did what it promised. If it guarantees more (say, that "this key *really* belongs to 'X'"), then it better be prepared to establish that fact to its own satisfaction before issuing the certificate (via birth certificates, passports, fingerprints, retinal scans or all of the above). If it fails to do those things, then it is and should be liable. After all, that's what the CA is getting paid for: to keep the promise it's implicitly making and take the heat to back up its promise.
Since (in the absence of any rules given the newness of the technology) it is very likely that a rich CA would get nuisance suits every time a deal in which it particiapted went sour, the absence of rules will either raise costs CAs have to charge (e.g. to buy insurance) or will keep rich folk out of the industry (which isn't good either, since you want CAs to buy security and to last). Thus the need for clear liability rules.
I think this is just part of the landscape for a CA. Again, that's what they're getting paid for. As for the rules, the courts will work those out through litigation. How else? :-) BTW, VeriSign is acting as a CA now for Netscape Commerce Server and Open Market Secure Web Server certificates, and perhaps others -- see: http://www.verisign.com/ I don't know exactly what guarantee VeriSign's making or what they expect their liability to be, but they are making a reasonable effort to establish the identity of server certificate holders (copy of letters of incorporation, business licenses and so forth). And they are charging $290 for a first-year certificate. It seems to me this $290 (though not huge for a business) is a lot more than it costs them just to check the papers and execute the mechanics of creating the certificate. The rest is their compensation for taking the "risk" of issuing the certificate's implicit guarantee. Presumably, some of that money goes toward insuring themselves against the kinds of claims you cited above. Just my thoughts -- IANAL. -- Jeff