Not a good idea...
Dan Weinstein
djw at vplus.com
Fri Mar 8 18:14:29 PST 1996
On Fri, 8 Mar 1996 13:14:25 -0600 (CST), Alex Strasheim
<cp at proust.suba.com> wrote:
>Who's liable? Me, Verisign, or Netscape? All of us?
>
>I suspect that if I pass credit card numbers to thieves I'll get in
>trouble, but I don't have any assets.
>
>Verisign didn't make any representations directly to the public, and they
>probably followed the procedure they negotiated with Netscape when they
>issued me my cert.
"For secure servers, VeriSign currently offers a 'high-assurance'
Class 3 Digital ID for electronic commerce servers. " This is from
Verisign's home page. They are saying that this class of certificate
is safe to do commerce with.
>Netscape put together a complicated high-tech system and told the public
>(which doesn't understand cryptography) that their system was suitible for
>commerce -- it's even in the product's name! They didn't build in prudent
>safeguards to prevent me from running my forms processing service, which
>is such a trivial thing to set up that it should have been forseen. (Q:
>I've never gotten a real cert -- do I have to agree to something that
>would prohibit my forms processing business?)
I would think that netscape would only make agreements with CAs that
accepted liability. I would also think that Netscape would only be
liable if they were found to have put in a CA that they had reason to
believe was not taking due diligence to ensure that the key really
belonged to the company that claimed to own it.
Dan Weinstein
djw at vplus.com
http://www.vplus.com/~djw
PGP public key is available from my Home Page.
All opinions expressed above are mine.
"I understand by 'freedom of Spirit' something quite definite -
the unconditional will to say No, where it is dangerous to say
No.
Friedrich Nietzsche
More information about the cypherpunks-legacy
mailing list