[4266] in WWW Security List Archive
Re: Sceptic about (Funds Transfer w/o PIN)
daemon@ATHENA.MIT.EDU (James E. Hoburg)
Thu Feb 6 14:22:13 1997
Date: Thu, 6 Feb 1997 12:34:14 -0500
From: "James E. Hoburg" <james.e.hoburg@att.com>
To: Clare Chu <cchu@cisco.com>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <32F97A43.105@cisco.com>
Reply-To: james.e.hoburg@att.com
Errors-To: owner-www-security@ns2.rutgers.edu
Clare Chu writes:
> What I wonder is if someone could sue the certificate holder?
> After all, he either knowingly or unknowingly allowed his applets
> to do harm.
I've been under the impression that certificates only warranty the
_genuineness_ of an application (e.g., "This certificate hereby guarantees this
to be a bona fide product of WidgetWare, Inc."). Today when we buy
off-the-shelf software, it usually comes wrapped in disclaimers about intended
use, liability for damages, etc. I suppose the same disclaimers could be made
to apply to wares delivered by network--only the distribution channel has
changed, really.
Cheers,
jeh
