[6365] in cryptography@c2.net mail archive
Re: Killer PKI Applications
daemon@ATHENA.MIT.EDU (Lynn.Wheeler@firstdata.com)
Wed Jan 12 11:45:46 2000
From: Lynn.Wheeler@firstdata.com
To: Greg Broiles <gbroiles@netbox.com>
Cc: "Bill la Forge" <b.laforge@jxml.com>, "bram" <bram@gawth.com>,
"Peter Cassidy" <pcassidy@triarche.com>, dcsb@ai.mit.edu,
tbtf-irregulars@world.std.com, cryptography@c2.net
Message-ID: <85256864.0053C0E8.00@lnsunr02.firstdata.com>
Date: Wed, 12 Jan 2000 07:17:00 -0800
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
your comments don't appear to be inconsistent with Jane Winn's writings on PKIs
for instance her paper:: Hedgehog and Fox: PKI and Plublic & Private Sector Risk
Management
The Hedgehog and the Fox: Distinguishing Public and Private Sector Approaches to
Managing Risk for Internet Transactions, 51 ABA Administrative Law Review
955
(1999)
This article argues that much recent and proposed electronic commerce
legislation
is based on flawed assumptions regarding risk management and the practical
utility of
current electronic commerce technologies. Such flawed legislation would
produce a
loss allocation system that would undermine incentives that currently exist
to improve
the technological infrastructure of Internet commerce. This paper was
presented at a
conference at American University in March 1999.
http://www.smu.edu/~jwinn/hedgehogfox.htm
or other papers at her site:
http://www.smu.edu/~jwinn/
Greg Broiles <gbroiles@netbox.com> on 01/12/2000 01:47:04 AM
To: Lynn Wheeler/CA/FDMS/FDC@FDC, "Bill la Forge" <b.laforge@jxml.com>
cc: "bram" <bram@gawth.com>, "Peter Cassidy" <pcassidy@triarche.com>,
dcsb@ai.mit.edu, tbtf-irregulars@world.std.com, cryptography@c2.net
Subject: Re: Killer PKI Applications
.
While this would certainly be an interesting goal to achieve, I think it's worth
remembering that current software industry practice is for the software
publishers themselves to disclaim all or almost all warranties regarding the
performance of their software or its lack of errors .. so you're asking CA's to
guarantee something that publishers themselves don't, at present.
