I hadn't seen that before. Currently I understand all CAs to be in practice zero-accountable. Does anyone know any different? Are there any payouts? Has a CA ever been held to account?
On this point, I have noted that some CAs (e.g. XRamp) offer warranties against fraudulent cert issuance. I don't know if anyone's ever claimed - but then there's never been a high-profile case of loss due to an incorrectly-issued cert.
Gerv _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
