On 04/28/2014 08:53 PM, Zack Weinberg wrote:
I find this both surprising and disturbing. Are you saying that you
tried to obtain insurance against the possibility of this sort of
catastrophe (keys compromised due to bug in software maintained by
third parties) but could not, because no insurer would write the policy?
The typical insurance is protection against claims by third parties due
to a failure by the CA. Those are fairly expensive but possible, whereas
the sort of catastrophe you mentioned I haven't heard of so far.
--
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: start...@startcom.org <xmpp:start...@startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
