Subject: Policy-Discussion
List archive
- From: Ian G <iang AT systemics.com>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] Liability for Assurers
- Date: Wed, 12 Jul 2006 19:28:31 +0200
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
- Organization: http://financialcryptography.com/
Bernhard Froehlich wrote:
Then, for external disputes (grandma, criminal)(being something of a nitpicker I want to point out that at least $2000 are covered since at least two assurers should have to be involved in a false assurance)
who picks up the liability after $1000?
Is this CAcert? Is this a defence fund? Is
this a general call to all members? Do all
the Assurers contribute $50 to a pot? fund
raising at events?
IMHO the best solution for this would be some kind of defence fund or insurance or something like that. That still leaves the problem of who fills the fund or pays the premium.
A defence fund is a possibility. I suspect
insurance will be tough. This is one of those
"non-proper" markets where any insurance product
you can come up with will be only provided if
a) you don't need it and b) you have everything
else sorted out. So it falls in the chicken &
egg basket.
The classical solution would be to charge for the assurance. Maybe VeriSign charges too much, but possibly the right price for security is not free after all! But that line of thought would probably lead us into a completely different (and probably hot) discussion.
Nitpick, I think Verisign charges for a cert,
and includes the assurance for free...
What is the right price for security? Well...
There are lots of writings on that. Suffice to
say, it is somewhere between $0 and too much:
* Skype, SSH: $0 free + 3 mins.
* S/MIME: price of cert plus days of mucking around
plus unlimited liability for undefined digsigs...
Of course, it all depends on a) what you
define as security and b) what you are
prepared to pay for. There is no correlation
between those two that I've ever seen though.
I'd prefer fund raising at events or an appeal for funds to the people getting assured (which still would imply changing the introduction on www.cacert.org).
Lots will change ... once these policies start
flowing through. The normal stable state of a
good solid organisation is dynamic, continuous
change :)
iang
PS: tbird crash today lost 3 mails in progress :-/
What price email security...
- Re: [CAcert-Policy] Liability for Assurers, (continued)
- Re: [CAcert-Policy] Liability for Assurers, Bernhard Froehlich, 07/06/2006
- Re: [CAcert-Policy] Liability for Assurers, Iang, 07/10/2006
- Re: [CAcert-Policy] Liability for Assurers, Sven Anderson, 07/10/2006
- Re: [CAcert-Policy] Liability for Assurers, Duane, 07/10/2006
- Re: [CAcert-Policy] Liability for Assurers, Sven Anderson, 07/11/2006
- Re: [CAcert-Policy] Liability for Assurers, Duane, 07/11/2006
- Re: [CAcert-Policy] Liability for Assurers, Sven Anderson, 07/11/2006
- Re: [CAcert-Policy] Liability for Assurers, Ian G, 07/11/2006
- Re: [CAcert-Policy] Liability for Assurers, Ian G, 07/11/2006
- Re: [CAcert-Policy] Liability for Assurers, Bernhard Froehlich, 07/12/2006
- Re: [CAcert-Policy] Liability for Assurers, Ian G, 07/12/2006
- Re: [CAcert-Policy] Liability for Assurers, Bernhard Froehlich, 07/12/2006
- Re: [CAcert-Policy] Liability for Assurers, Sven Anderson, 07/13/2006
- Re: [CAcert-Policy] Liability for Assurers, Bernhard Froehlich, 07/13/2006
- Re: [CAcert-Policy] Liability for Assurers, Ian G, 07/13/2006
- Re: [CAcert-Policy] Liability for Assurers, Sven Anderson, 07/13/2006
- Re: [CAcert-Policy] Liability for Assurers, Ian G, 07/15/2006
Archive powered by MHonArc 2.6.16.