Certificates: limiting your liability with reuse limitations

Suppose I am a CA. I am worried that by issuing a certificate with a lifespan of more than 2 milliseconds I am opening myself up to unlimited liability if for some reason, despite my best efforts, I issue an erroneous certificate.

I know I can write disclaimers, but that's not reliable since courts often ignore them, and anyway it scares off customers.

I know I can put an expiration date on the certificate, but that's not enough. I can accumulate a lot of exposure in a few seconds, much less weeks.

I know I can put a reliance limit in the X.509 ver 3 certificate, but that's not enough. Even a $1 limit could be used many millions of times.

Is it feasible to say: Can only be relied on once per day/week/month?

Is this something the relying parties can reasonably be expected to monitor?

It seems to me that this sort of a limit is essential if a CA is to feel comfortable outside Utah....

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.

-----BEGIN PGP SIGNED MESSAGE-----

A. Michael Froomkin writes:

> I know I can put an expiration date on the certificate, but that's not enough. I can accumulate a lot of exposure in a few seconds, much less weeks.
> I know I can put a reliance limit in the X.509 ver 3 certificate, but that's not enough. Even a $1 limit could be used many millions of times.
> Is it feasible to say: Can only be relied on once per day/week/month?

This sounds like it would present the same exposure problems as an expiration date, but perhaps be more difficult to impose. As you said above, you can assume huge liability in a few seconds, even if you're only given a few seconds a week. Also, I don't immediately see a way to arrange this on the technical side that doesn't reduce to using something that expires and replacing/refreshing it periodically. Of course, the net is in some ways excellent for that sort of application. How about combining value limits with time limits? Over the wire, using low value limits and replacing them frequently might be a workable solution.

> Is this something the relying parties can reasonably be expected to monitor?

This sounds like a legal question, so I don't think I can offer a useful response.

Futplex <futplex@pseudonym.com>
"I think every player in the NFL should have to go through grad school. It would be a great humbler." -Matt Miller, Cleveland Browns 1979-1983, Ph.D. Georgia Tech 1993

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMPGj8SnaAKQPVHDZAQG/NQf/V5toCNRKaSZjVwACN663gWbq0rysZq3r
7d/XKAZHCUWoaYWS4RkaF101/0t7jEAww+wggrl02MNximN7Ku/CM1sJkDT/Ixzm
KCAQwl96ov3UgBYkol66ubciHRmX897NszCwqEgoc/pcOq2rLvhjskUZXt0WHhU7
U10/00/Zg86kAsCo3xUAB3ci4t9Pk2YJigg5n23vJfuN3j0BpKcGW9B7McP9fm59
V8bBp1CDF3Ey5XwPaaNkwmuYlT7QVyDlEOYu0EppzvQdT2PyXT8B9cAjGR5PO8IJ
xUIkxmXmfPlRxjJVUTSfvf3gKJnK1ax09sPDwNiA6/JAtHXPTo5llw==
=rHvs
-----END PGP SIGNATURE-----

A. Michael Froomkin writes:

> I know I can put an expiration date on the certificate, but that's not enough. I can accumulate a lot of exposure in a few seconds, much less weeks.
> I know I can put a reliance limit in the X.509 ver 3 certificate, but that's not enough. Even a $1 limit could be used many millions of times.
> Is it feasible to say: Can only be relied on once per day/week/month?

Undeniable digital signatures. They're not 'undeniable' differently from normal digital signatures, but they do require the cooperation of the signer to confirm the signature. Thus, a KCA could decide only to verify a signature 50 times, or once per day (or once per being paid the $10 signature verification fee.) Schneier has a decent amount on undeniable digital signatures.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
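The mechanism Adam describes, and the "once per day" reliance limit Froomkin asks about, can be seen in a small working model. The following is an added example, not code from anyone in the thread: it implements the Chaum-van Antwerpen undeniable signature (the scheme Schneier describes) over a constructed toy group, and wraps the signer's confirmation step in a per-window budget so the signer, not the relying party, decides how many times a signature may be confirmed. The parameters P, Q, G, the Signer class and the window/clock arguments are all assumptions chosen for illustration.

```python
"""Undeniable signature (Chaum-van Antwerpen) with a metered confirmation oracle.

Added example. The signer's cooperation is required to confirm a signature,
so the signer can ration confirmations per time window. This is a model of
the idea, not a production scheme: the disavowal protocol is omitted and
the group parameters are toy-sized.
"""
import hashlib
import secrets
import time

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 2^2 mod p
# generates the subgroup of prime order q. A real deployment needs a large p.
P = 1019
Q = 509
G = 4


def to_group(message: bytes) -> int:
    """Hash the message and square it mod p so it lies in the order-q subgroup."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % P
    if h == 0:
        h = 1
    return pow(h, 2, P)


class Signer:
    """Holds the private key and rations how often it will confirm signatures."""

    def __init__(self, confirmations_per_window: int, window_seconds: float,
                 clock=time.time):
        self.x = secrets.randbelow(Q - 1) + 1      # private exponent in [1, q-1]
        self.y = pow(G, self.x, P)                 # public key y = g^x
        self._x_inv = pow(self.x, -1, Q)           # x^-1 mod q, used to answer challenges
        self.limit = confirmations_per_window      # e.g. 1 per day
        self.window = window_seconds
        self._clock = clock                        # injectable for testing
        self._window_start = clock()
        self._used = 0

    def sign(self, message: bytes) -> int:
        """z = m^x mod p. Unlike RSA or DSA, z cannot be checked against y alone."""
        return pow(to_group(message), self.x, P)

    def respond(self, challenge: int):
        """Confirmation step: return c^(1/x) mod p, or None once this window's budget is spent."""
        now = self._clock()
        if now - self._window_start >= self.window:
            self._window_start = now
            self._used = 0
        if self._used >= self.limit:
            return None
        self._used += 1
        return pow(challenge, self._x_inv, P)


def confirm(signer: Signer, message: bytes, signature: int):
    """Relying party's side of the confirmation protocol.

    True  -> signer demonstrated z = m^x for this message
    False -> the value is not the signer's signature on this message
    None  -> signer declined (reliance budget for the window exhausted)
    """
    m = to_group(message)
    a = secrets.randbelow(Q - 1) + 1
    b = secrets.randbelow(Q - 1) + 1
    # Blinded challenge z^a * y^b: only the holder of x can strip the exponent.
    challenge = (pow(signature, a, P) * pow(signer.y, b, P)) % P
    response = signer.respond(challenge)
    if response is None:
        return None
    # An honest signer returns m^a * g^b; a wrong z cannot produce that value.
    return response == (pow(m, a, P) * pow(G, b, P)) % P


if __name__ == "__main__":
    ca = Signer(confirmations_per_window=1, window_seconds=86400)
    cert = b"constructed sample certificate body"
    z = ca.sign(cert)
    print(confirm(ca, cert, z))   # True: first reliance today
    print(confirm(ca, cert, z))   # None: today's budget is spent
```

The point for the liability question is that the counter lives with the signer's private key, so the limit holds across all relying parties without any of them having to monitor anything; the cost is that every reliance becomes an online round trip to the signer, which is the refresh-style dependency Futplex anticipated.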

You write:

> Suppose I am a CA. I am worried that by issuing a certificate with a lifespan of more than 2 milliseconds I am opening myself up to unlimited liability if for some reason, despite my best efforts, I issue an erroneous certificate.

How do notaries public get around this liability problem? It seems to me that the checking done for a certificate might be similar to the checking done by a notary - a glance at a driver's license, say. Are they subject to liability if they are fooled by fake ID?

Hal