that the documented policies and procedures for identification and authentication relevant to the CA were not followed.
A CA has limited liability for not revoking certificates according to its revocation policy.
A CA has limited liability for revoking a certificate for a reason not specified in its revocation policy.
A CA has limited liability if, despite its having followed published policies and procedures, a certificate in the database is modified or deleted.
• Liability Policy. The extent of liability in the above situations is conceivably a part of the policy under which a CA or key-generation facility operates. The policy must distinguish between direct liability on the one hand and indirect and consequential damages on the other.
The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
H - Summary of Important Requirements for a Public-Key Infrastructure ."
Cryptography's Role in Securing the Information Society . Washington, DC: The National Academies Press,
Please select a format: