
CA Liability - How does it REALLY work?

Hi,
During conversations with PKI customers I often get questions regarding CA guarantees and
insurance, sometimes involving huge sums.   The more I think about it, the harder it seems.
I.e. what can (should) you REALLY guarantee?

If a private key is stolen, some CAs are prepared to insure against that.   What does "stolen" mean
in the digital world, and how do you prove it?  The latter requires at least logging of all kinds of
uses by relying parties in order to have any proof at all.  Unfortunately, locally performed (in
contrast to server-based) signings do not seem possible to log with respect to abuse.

If you store a certificate & key (or card & PIN code) in a sloppy way: who is responsible?  Isn't that
just an ordinary user error that should be covered by other insurance that the customer MAY have?
I.e. aren't certificates and keys in this respect identical to physical keys?

And IF the "unbreakable" RSA-keys are broken by a criminal genius, who is responsible?

If CA personnel create keys and certificates for illegal use of others' resources, it seems that ordinary
laws should be applicable.   Provided that it is ever found out...

Naturally a CA can insure whatever they want (at some cost to the customer), but I have a
feeling that future CAs will (when/if PKI really takes off) probably be less bold in their statements,
particularly if the customer is to blame.

Just some thoughts

Anders