Hi All,

Is there any bonding of CAs? Do any browsers or other relying parties require it?

Recall the first thing DigiNotar did upon its failure was declare bankruptcy. I believe that likely relieved the company of most of its fiduciary responsibilities laid out in its CPS. Two things drop out: (1) these folks should be bonded or insured, and (2) those doing the bonding or insuring will probably take an in-depth look at the practices of the CA (money motivates folks like that). In addition, it might have prevented Trustwave, where the insurer was not willing to indemnify the CA with the perverted changes it made to the CPS and TOS.

Jeff
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
