So you’re a commercial certificate authority and you’re looking to provide an edge over other companies doing the same thing, so why not offer some kind of insurance!
Well that’s exactly what Godaddy has done, they’re offering US$1000 warranty, but it’s the same snake oil warranty that most other CAs offer.
So anyway, Gerv from the Mozilla foundation makes this nice little post to the mozilla news group today about how he couldn’t find out from their website exactly what it covers, so he decides to phone them up and ask them.
Long story short, the comments made by the sales representative says it all:
“Well say, for example, I own www.happycompany.com and I have a Verisign certificate. Then, a fraudster registers www.happy-company.com, gets a certificate from you and rips off my customers. Is that situation covered? Would you pay out?”
“Well, no. You see, we’re not securing you, we’re securing the other guy. You have to be registered with us.”
and this;
“Have you ever paid out under the warranty program?”
“No. It’s really there just to reassure you that it’s a true 128-bit certificate, and to make you feel better about purchasing it.”
I’m really not all that surprised by this I guess, as this is the same snake oil that’s been pushed and marketed all along really.
What’s quite laughable is this statement from their website: “Your visitors, prospects, and customers are on their guard. These savvy Internet users are wary of Web sites and online businesses that aren’t what they claim to be, and worried that their personal and financial information might fall into the wrong hands.”
They must be talking about the 300 odd ‘savvy’ users referenced in yesterdays blog who blatently ignored the expired SSL certificate on the online banking site and clicked ‘continue’ anyway 😉
Of course, what proof would be required to get the $1000, and how much would it cost a lawyer to prove it if they said ‘no we don’t believe you’?