Five Theses on Security Protocols

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 1 07:08:23 EDT 2010


John Levine <johnl at iecc.com> writes:

>Geotrust, to pick the one I use, has a warranty of $10K on their cheap certs
>and $150K on their green bar certs.  Scroll down to the bottom of this page
>where it says Protection Plan:
>
>http://www.geotrust.com/resources/repository/legal/
>
>It's not clear to me how much this is worth, since it seems to warrant mostly
>that they won't screw up, e.g., leak your private key, and they'll only pay
>to the party that bought the certificate, not third parties that might have
>relied on it.

A number of CAs provide (very limited) warranty cover, but as you say it's
unclear that this provides any value because it's so locked down that it's
almost impossible to claim on it.  Does anyone know of someone actually
collecting on this?  Could an affected third party sue the cert owner who can
then claim against the CA to recover the loss?  Is there any way that a
relying party can actually make this work, or is the warranty cover more or
less just for show?

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com