[cabfpub] Limitation of Liability and Indemnification

Gervase Markham gerv at mozilla.org
Tue Oct 24 08:54:45 UTC 2017


On 23/10/17 16:26, Ryan Sleevi wrote:
> No, I mean both with respect to the misissuance of EV (I can think of
> several CAs that have done so)

You are right; my language was loose. What I meant to say was, we have
no confirmed cases of misissuance via a successful attack on the EV
validation system (i.e. person A trying and succeeding to get an EV cert
for a site they do not own or control, and managing to have it filled
with fake rather than real information so they cannot be held to account).

Gerv



More information about the Public mailing list