[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Validity periods can be handled more explicitly

To: cme@cybercash.com
Subject: Re: Validity periods can be handled more explicitly
From: Bob Jueneman <BJUENEMAN@novell.com>
Date: Wed, 05 Nov 1997 15:21:15 -0700
Cc: spki@c2.net

Basically my point.

Bob

Robert R. Jueneman
Security Architect
Novell, Inc.
Network Services Division
122 East 1700 South
Provo, UT 84604
801/861-7387
bjueneman@novell.com

"If you are tring to get to the moon, climbing a tree, 
although a step in the right direction, will not prove 
to be very helpful."

"The most dangerous strategy is to cross the chasm in two leaps."


>>> Carl Ellison <cme@cybercash.com> 11/05 12:25 PM >>>
-----BEGIN PGP SIGNED MESSAGE-----

At 11:36 AM 11/5/97 -0700, Bob Jueneman wrote:
>However, there is also the issue of whether the relying party's reliance on
>a digital signature cum certificate chain was commercially reasonable for
>the type of transaction that was involved.  In other words, a PGP
signature,
>or a signature backed up by a VeriSign class 1 certificate is likely to be
>held to be legally binding if it can be shown that the signature was that
of
>the putative key holder. But on the other hand, if someone were to rely on
>such a signature exclusively to buy a billion dollar oil tanker and the
>transaction went bad, the courts would probably hold that such a reliance
>was not commercially reasonable, and that the relying party who went ahead
>with the transactions did so at his own risk. Caveat emptor.

I would worry about any system being designed to handle the purchase of oil 
tankers between networked parties.  We're worried today about buying $0.25 
photographs, $15 CDs, etc.  I'm quite content to let purchasers of oil 
tankers fly to a meeting place and conduct business in the flesh.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNGDILhN3Wx8QwqUtAQGmNgP+JDoCEJ8MubzLK+XQo9S0w1NlLTWfLklz
jpaaVfNBb0gMx5I6Z1jcvaHEwKm746pbG2ShCRAcdSKCgxn2AF+glNvaa31QKbst
aD2wl3aoxiJ8r7XAZffuQ+wOYB6w3UDsDFcAoGWpiCt1XUBUdoTzWBXhGvsYfYYU
FcnKWHw2shw=
=luXK
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

Prev by Date: Re: Validity periods can be handled more explicitly
Next by Date: Re: non-key-sharing
Prev by thread: Re: Validity periods can be handled more explicitly
Next by thread: matter of semantics
Index(es):
- Main
- Thread