On 04/28/2014 08:53 PM, Zack Weinberg wrote:
I find this both surprising and disturbing. Are you saying that you tried to obtain insurance against the possibility of this sort of catastrophe (keys compromised due to bug in software maintained by third parties) but could not, because no insurer would write the policy?
The typical insurance is protection against claims by third parties due to a failure by the CA. Those are fairly expensive but possible, whereas the sort of catastrophe you mentioned I haven't heard of so far.
-- Regards Signer: Eddy Nigg, COO/CTO StartCom Ltd. <http://www.startcom.org> XMPP: start...@startcom.org <xmpp:start...@startcom.org> Blog: Join the Revolution! <http://blog.startcom.org> Twitter: Follow Me <http://twitter.com/eddy_nigg> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy