|
|
|
|
|
|
by ludbb
3889 days ago
|
|
|
About the stats: by "specially about their deployment count and usage over time" I meant the number of certs deployed by cert type (DV, OV, EV) and how has their usage progressed over time? If the second part is not clear, let's say that 5 years ago EV certs represented 2% among issued certs, and today it represents 1.4% -- I'm looking for historic data about this. Thanks about the warranty clarification, so it only protects you if the /CA/ does something bad to you? In that case wouldn't it possible to sue the entity for, possibly, an even larger sum? |
|
|
>Thanks about the warranty clarification, so it only protects you if the /CA/ does something bad to you? In that case wouldn't it possible to sue the entity for, possibly, an even larger sum?
Yes, I believe the damage has to be due to the CAs behaviors. The two major situations I can think of that would qualify would be:
1. The CA issues a certificate for your domain/company to someone who was not authorized. However I would think that cert would then have to be used in an actual attack so you could quantify your damages.
2. The CA is breached in some way that allowed your certificate to be compromised or allowed an attacker to create a fraudulent certificate for your domain/company.
That is a very good question about suing the CA for other damages. I am not aware if this has ever occurred but it certainly seems like it could.