On 1/08/10 9:08 PM, Peter Gutmann wrote:
> John Levine <jo...@iecc.com> writes:
>
>> Geotrust, to pick the one I use, has a warranty of $10K on their cheap certs
>> and $150K on their green bar certs.  Scroll down to the bottom of this page
>> where it says Protection Plan:
>>
>>
>> It's not clear to me how much this is worth, since it seems to warrant mostly
>> that they won't screw up, e.g., leak your private key, and they'll only pay
>> to the party that bought the certificate, not third parties that might have
>> relied on it.
>
> A number of CAs provide (very limited) warranty cover, but as you say it's
> unclear that this provides any value because it's so locked down that it's
> almost impossible to claim on it.

Although distasteful, this is more or less essential. The problem is best seen like this: take all the potential relying parties for a large site / large CA, and multiply that by the damages in (hypothetically) fat-ass class action suit. Think phishing, or an MD5 crunch, or a random debian code downsizing.

What results is a Very Large Number (tm).

By fairly standard business processes one ends up at the sad but inevitable principle:

   the CA sets expected liabilities to zero

And must do so. Note that there is a difference between "expected liabilities" and "liabilities stated in some document". I use the term "expected" in the finance sense (cf. Net Present Value calculations).

In practice, this is what could be called best practices, to the extent that I've seen it.

http://www.iang.org/papers/open_audit_lisa.html#rlo says the same thing in many many pages, and shows how CAcert does it.

> Does anyone know of someone actually
> collecting on this?

I've never heard of anyone collecting, but I wish I had (heard).

> Could an affected third party sue the cert owner

In theory, yes. This is "expected". In some sense, the certificate's name might be interpreted as suggesting that because the name is validated, then you can sue that person.

However, I'd stress that's a theory. See above paper for my trashing of that, "What's in a Name?" at an individual level. I'd speculate that the problem will be some class action suit because of the enormous costs involved.

> who can
> then claim against the CA to recover the loss?

If the cause of loss is listed in the documentation . . .

> Is there any way that a
> relying party can actually make this work, or is the warranty cover more or
> less just for show?

We are facing Dan Geer's disambiguation problem:

> The design goal for any security system is that the
> number of failures is small but non-zero, i.e., N>0.
> If the number of failures is zero, there is no way
> to disambiguate good luck from spending too much.
> Calibration requires differing outcomes.

Maybe money can buy luck ;)


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com