
RE: Certificate / CPS issues

2003-06-06 08:08:57
Yes, the CPS disclaims all WARRANTIES.

You do not want a CA that provides a recourse that depends on finding of
fault. WARRANTIES are a specific legal instrument that provides recourse
through the courts under theories of merchantability and negligence. So you
have to PROVE the CA did something wrong... you don't want that.

What you want is insurance, read the relying party agreement. That
specifically provides insurance for certain specific failures. In other
words a NO-FAULT dispute procedure.

Do you think that folk signing PGP keys are undertaking unlimited liability
should the certification turn out to be incorrect?


Folk use our $15 a year certificates for some hair raising stuff. There is a
certain organization that moves very large sums of money every day whose PKI
consists of buying a few hundred certs from our consumer site via credit
card. So don't expect anyone to accept unlimited liability for a fixed $15
fee.

If you want to have insurance on a per transaction model you have to go to
an online technology. That is one of the many reasons we designed OCSP and
then XKMS.


I think the real problem here is that folk are demanding something that is
impossible. They want a PKI that is entirely costless, failure free and
provides unlimited liability. If you set that as the standard for existence
of a global PKI then you are never going to see one.

Security is risk control, not risk elimination.


                Phill


