Vint,
I will say again, I am not trying to have the PCAs make any
asssertions about USEs for which their certificates are in any way
assured. Instead, I am trying to get the PCAs to state the
conditions under their users either WILL or WILL NOT have a
given level of liability for their actions.
I have clearly failed to convince the general user community
with regard to these issues, so I will accept your graciously
worded suggestion to table the issue on pem-dev.
Because we are discussing these issues with RSA and with
other potential users of the RSA Commercial Hierarchy,
I will continue to wrestle with these questions with our
legal counsel. At the present time I am not sure that
I would personally be able to accept the potential liability
implied by ANY of the existing PCA Policy statements, nor
could I recommend that any one else accept them,
but maybe I've just gotten too paranoid.