The party that might have a claim against the CA, however, would be the
site that was spoofed by an interloper using a bogus certificate improperly
issued by the CA. I'm not a lawyer, but off the top of my head I can think
of several claims the compromised site could make, including perhaps
trademark infringement, interference with contract, neglience, conspiracy...
Actually, from that perspective, I don't see why an individual who relied
on representations of trustworthness made by a CA and was adversely
affected by the negligent actions of that CA would not have a claim,
either. Depending on the scale, it might even get picked up by the Federal
Trade Commission and/or filed as a class action.
At 11:46 PM 1/3/00 -0600, William H. Geiger III wrote:
>Well I seriously have my doubts on the liability of any CA as to the
>accuracy of their assertions of identity. If you go to a website that has
>a VeriSign cert, and the identity info in the cert is wrong, there is no
>contractual obligation between VeriSign and yourself. It would be
>different if you were paying VeriSign to provide you with certified
>identities of 3rd parties but last I looked this is not the business model
>that they are using (nor is any other CA).
