> Verisign's declaimer which is part of the CPS. > This would the CA simply endorses the subscriber's > information. How can you trust a CA with a > disclaimer like this? You can't. Furthermore, Verisign already compromised its trust model in the worst way some time ago when it let a complete stranger obtain a Microsoft signing certificate. Since then, I've pretty much written them off as far as trustworthiness goes.