Basically a marketing gig, as the terms to collect tend to be ridiculous.
Look at Comodo for instance. To collect their insurance policy they have to issue a certificate to someone who isn't you, and then that certificate has to be used to steal someone's money. In that case they may actually already be liable, but they're saying they'll just give you up to $10,000 to deal with it.
> We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, that fraudulent site has an SSL link with an end user and as a result of this the end user loses money the end user had what they thought was a "trusted session". Comodo should never have provided the fraudster with the ability to engineer this situation we therefore have insurance to pay the end user for any losses that they may incur. Why would we do this?
Look at Comodo for instance. To collect their insurance policy they have to issue a certificate to someone who isn't you, and then that certificate has to be used to steal someone's money. In that case they may actually already be liable, but they're saying they'll just give you up to $10,000 to deal with it.
> We believe it is important to protect the end user. If we were to mis-issue a certificate to a fraudulent site, that fraudulent site has an SSL link with an end user and as a result of this the end user loses money the end user had what they thought was a "trusted session". Comodo should never have provided the fraudster with the ability to engineer this situation we therefore have insurance to pay the end user for any losses that they may incur. Why would we do this?
http://www.instantssl.com/ssl-certificate-support/ssl_faqs/s...