Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] Liability for Assurers

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] Liability for Assurers


Chronological Thread 
  • From: Bernhard Froehlich <ted AT convey.de>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] Liability for Assurers
  • Date: Wed, 05 Jul 2006 09:31:48 +0200
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Iang wrote:
[...]
OK, so let's ask ourselves as Assurers -- do
we expect our Assurers to "know better" or to
"not know better?"
My personal view: It's better to have half the number of assurers if the remaining assurers can be relied on.
[...]
Of course problems start if I falsely assure someone because he presented a forged document. If I do this it was not a good job. But even then I might have chances to escape liability if the document had been forged "well enough".

Good point.  Can we list out these cases?

  1. forged document
     + poor quality -- should have been picked up
     + good quality -- unlikely to be picked up
  2. did not follow procedure
     + through error
     + deliberately
IMHO the relevant cases are

   0. assurance is correct but presented documents are flawed (expired,
   not appropriate, ...)
   1. forged document of good quality
   2. did not follow procedure (includes forged document of poor quality)
   3. deliberate false assurance

Case 0 should be no problem since noone would complain. Lucky assurer.
Case 1 would have to be decided by a court, but the assurer will have a hard time proving that the document he saw was of good quality. This is one advantage of the Thawte approach of keeping a photocopy of the document.
Case 2 clearly is gross negligence. Liability could probably be covered by CACert.
In case 3 the assurer is personally liable (and IMHO this is just as it should be).

BTW, http://de.wikipedia.org/wiki/Schadensersatz gives a nice overview on german liability laws.

Another thing, Peter Williams wrote:
Hmm. A "trust service" from a person showing signs of avoiding professional liability.... Even grandma may begin to be suspicious, of that.
Indeed this is something that also crossed my mind... But remember the following:

   * Assessing the risks to the assurers is an important thing (and I
     bet this is done internally by commercial CAs also)
   * Expressing (to grandma) which liabilities a trust service is
     willing to take and which it will not take may give grandma
     something to think, but IMHO it is a good deal more legitimate
     than the approach of "you'll see what liability I'll accept when
     the damage is done", which is the preferred approach of many
     existing CAs...

Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


Archive powered by MHonArc 2.6.16.

Top of Page