So you’re a commercial certificate authority and you’re looking to provide an edge over other companies doing the same thing, so why not offer some kind of insurance!
Well that’s exactly what Godaddy has done, they’re offering US$1000 warranty, but it’s the same snake oil warranty that most other CAs offer.
So anyway, Gerv from the Mozilla foundation makes this nice little post to the mozilla news group today about how he couldn’t find out from their website exactly what it covers, so he decides to phone them up and ask them.
Long story short, the comments made by the sales representative says it all:
“Well say, for example, I own www.happycompany.com and I have a Verisign certificate. Then, a fraudster registers www.happy-company.com, gets a certificate from you and rips off my customers. Is that situation covered? Would you pay out?”
“Well, no. You see, we’re not securing you, we’re securing the other guy. You have to be registered with us.”
“Have you ever paid out under the warranty program?”
“No. It’s really there just to reassure you that it’s a true 128-bit certificate, and to make you feel better about purchasing it.”
I’m really not all that surprised by this I guess, as this is the same snake oil that’s been pushed and marketed all along really.