Stats like that may be available but I can not think of anything at the moment. I will look into that and let you know.
>Thanks about the warranty clarification, so it only protects you if the /CA/ does something bad to you? In that case wouldn't it possible to sue the entity for, possibly, an even larger sum?
Yes, I believe the damage has to be due to the CAs behaviors. The two major situations I can think of that would qualify would be:
1. The CA issues a certificate for your domain/company to someone who was not authorized. However I would think that cert would then have to be used in an actual attack so you could quantify your damages.
2. The CA is breached in some way that allowed your certificate to be compromised or allowed an attacker to create a fraudulent certificate for your domain/company.
That is a very good question about suing the CA for other damages. I am not aware if this has ever occurred but it certainly seems like it could.
>Thanks about the warranty clarification, so it only protects you if the /CA/ does something bad to you? In that case wouldn't it possible to sue the entity for, possibly, an even larger sum?
Yes, I believe the damage has to be due to the CAs behaviors. The two major situations I can think of that would qualify would be:
1. The CA issues a certificate for your domain/company to someone who was not authorized. However I would think that cert would then have to be used in an actual attack so you could quantify your damages.
2. The CA is breached in some way that allowed your certificate to be compromised or allowed an attacker to create a fraudulent certificate for your domain/company.
That is a very good question about suing the CA for other damages. I am not aware if this has ever occurred but it certainly seems like it could.