[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: matter of semantics

To: Bob Jueneman <BJUENEMAN@novell.com>
Subject: Re: matter of semantics
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 17 Nov 1997 15:34:02 -0500
Cc: cme@cybercash.com, jar@ornl.gov, spki@c2.net
In-Reply-To: <s4702920.017@novell.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

At 11:21 AM 11/17/97 -0700, Bob Jueneman wrote:
>But if you accept the general proposition that some sharing of the risk is
>appropriate, just to protect against disproportionate and unaffordable
>losses (a la a major medical plan for digital signatures) ,then it could be
>argued that in insurance model is much better than legislatively spreading
>the risk across the society.  If insurance is available (at a reasonable
>cost) against errors and omissions by the CA, as well as for apparent theft
>or compromise of a key, then the subscribers could decide for themselves how
>much risk to take, what their deductible limits ought to be, or whether they
>should self-insure.

Have you seen Mike Reiter's work at AT&T?  He argues well enough to convince 
me that insurance is the only viable model -- but in this case, it is the CA 
acting as insurance agent, insuring the user of the certificate against any 
fraud by the certified key.  That fraud can happen because the proper 
keyholder(K1) is dishonest or by having some dishonest person become the 
keyholder(K1) through theft, trojan horse, Radar O'Reilly attack, 
cryptanalysis, ....  AFAIK, there's no role for a commercial CA which does
not act as insurance company -- ie., which disclaims liability.

 - Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNHCqORN3Wx8QwqUtAQHxyAQAluyq3zzeBN4p5+H8DQYw66o3FNqGa+C2
sqQNx+AXPM8DQDLbph8UZqRcuEg0NupXjHSPtvXcDsqZFewyh/LDTPxln2nUDkFb
vmEq9JUpV21ZcfScO3Ld8i/6m83okfa96EBc7RlLd+p+T6CqLcAIRP4cOt1p8Y4k
ahl2Yb3mBIE=
=d2vq
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+

References:

Re: matter of semantics

From: Bob Jueneman <BJUENEMAN@novell.com>

Prev by Date: Re: non-key-sharing
Next by Date: Re: non-key-sharing
Prev by thread: Re: matter of semantics
Next by thread: Re: matter of semantics
Index(es):
- Main
- Thread