Certificates: limiting your liability with reuse limitations
Michael Froomkin
froomkin at law.miami.edu
Mon Jan 8 14:39:02 PST 1996
Suppose I am a CA. I am worried that by issuing a certificate with a
lifespan of more than 2 milliseconds I am opening myself up to unlimited
liability if for some reason, despite my best efforts, I issue an
erroneous certificate.
I know I can write disclaimers, but that's not reliable since courts
often ignore them, and anyway it scares off customers.
I know I can put an expiration date on the certificate, but that's not
enough. I can accumulate a lot of exposure in a few seconds, much less
weeks.
I know I can put a reliance limit in the X.509 ver 3 certificate, but
that's not enough. Even a $1 limit could be used many millions of times.
Is it feasabile to say: Can only be relied on once per day/week/month?
Is this something the relying parties can reasonably be expected to monitor?
It seems to me that this sort of a limit is essential if a CA is to feel
comfortable outside Utah....
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin at law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.
More information about the cypherpunks-legacy
mailing list