On 12/30/2008 01:43 PM, Ian G:
Most all certificates carry no warranty or have zero liability disclaimers. Of course the words may differ, but even EV Guidelines permit the CA to set zero liability, except where it shown that the CA is at fault, and even that may be limited to something fairly tame given the market they are heading into.
The browser does not know the difference! A certificate is a certificate is a certificate. I don't want to demonstrate it again to prove my point due to protect the private key of the mozilla.com certificate. Your analyzes are not relevant for the browser - hence not relevant for the relying party (and in this case Mozilla). This could have been literally ANY organization instead. It could have been somebody else than me interested to disclose publicly. It could have been multiple certificates, nothing would have prevented that. And it would not have protected the CA from claims.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
