Certification Authority Liability Analysis
187 Pages Posted: 5 May 2015 Last revised: 30 May 2024
Date Written: February 4, 1998
Abstract
This paper surveys the liability issues raised by an entity’s entry into the certification authority business. Because the duties and potential liabilities imposed upon a CA by applicable law are unclear, this paper addresses the major sources of U.S. law likely to provide a basis for certification of authority liability, and analyzes those areas of the law in analogous situations in an attempt to determine how they might be applied to the activities of a certification authority. The focus is on what appear to be the four primary areas of potential liability: negligent misrepresentation, breach of warranty, intellectual property infringement, and liability for the conduct of others.
Keywords: liability, PKI, CA, certification authority, identity, identity management, digital signatures, digital certificate, law, legal, tort, negligence, misrepresentation, fraud, contract, breach of contract, vicarious liability, criminal liability, liability risk
JEL Classification: K10, K12, K13, K14, K20, K23, K30, K40
Suggested Citation: Suggested Citation