21

SSL certificates often advertise varying amounts of warranties or guarantees, for example $500,000 or $1m.

My question is, in the history of SSL, has anyone ever actually successfully claimed one of these warranties? Has there ever been a case? If not, is it fair to assume they are just marketing gimmicks?

Tom
  • 681

2 Answers

16

The warranty is kind of misleading, actually, because it's not issued to the purchaser of the certificate -- it's issued to the users of the site. So say you give your credit card details to a website that's verified by a CA that offers a warranty and the (fraudulent) site takes money from you, then you can use the warranty to claim back the money you lost.

In reality, though, this almost never happens. It's extremely rare (though not entirely unheard of) for a CA to give out a certificate to a fraudulent entity. And when it does happen, it's pretty much the end of that CA -- all trust is lost and it cannot continue to conduct business. DigiNotar declared bankruptcy within a month of that scandal.

Note that it also doesn't cover "phishing" sites. So if you give your credit card details to "paypal.com.scammer.org" then, even though that domain might be verified by a CA, that's still your own fault. It would only be if a CA erroneously gave a certificate for "paypal.com" to someone who is not PayPal.

Dean Harding
  • 19,911
1

No, they should not be marketing gimmicks!

Certificates are not issued to just anyone.

Companies that are trusted issuers do research on someone requesting a certificate, to check that he is indeed who he claims to be and that he has a legitimate business.

If, for example, you connect to a website that is fraudulent but has obtained a certificate from Verisign (mentioned as an example), I would expect that you can take many legal actions against them (both site and issuer).

SSL is based on trust, which is a very thin concept when it comes to computer security.

If the trusted issuers are not doing their job well enough, then security goes down the drain.

Personally, I don't know if there is any historic example of this (I hope there isn't any).

user10326
  • 1,830