<div dir="ltr">I'm generally supportive of this, if only because the vast majority of CA's CP/CPSes leave them enough wiggle room to drive a truck through, while still not being an insurable incident.<div><br></div>
<div>CA accidentally revokes a certificate? Most CPSes seem to leave enough verbiage in that the CA is not 'on the hook' for that.</div><div>CA accidentally misissues a certificate? Most CPSes seem to leave enough verbiage in their Subscriber/Relying Party agreements that (to a non-lawyer such as myself) that they could argue it was the subscriber's fault.</div>
<div><br></div><div>We discussed this during the Mountain View F2F, where I raised similar remarks.</div><div><br></div><div>I think absent clear guidance from the CA/B Forum on</div><div> 1) What are events that a CA should be liable for</div>
<div> 2) What language is unacceptable in a CP/CPS (in terms of disclaiming liability/imposing requirements)</div><div><br></div><div>That requiring insurance has more the effect of theatre than security.</div><div><br></div>
<div>That is, I think the practical reality is things are already wildly inconsistent and largely inapplicable for the incidents that most of us would consider inappropriate and grave for trust in the ecosystem.</div></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 1, 2014 at 1:59 PM, Eddy Nigg <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><div class="">
<br>
<br>
On 05/01/2014 07:56 PM, Jeremy Rowley wrote:
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="color:#1f497d">I am in favor
of that approach rather than gutting the entire
requirement. We haven’t adequately explored the
alternatives and possible revisions to the language to know
whether a simple change could satisfy the current concerns.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
</div>
</blockquote>
<br></div>
I can't be against saving expensive insurances if the effect on
having them or not would be exactly the same. However we would take
out probably a different/similar insurance in any case as we
wouldn't want to be completely unprotected. <br>
<br>
I'm not an insurance specialist and don't really know what the
options would be, if at all. We followed the EV requirement more or
less blindly because it's there and I'm actually a bit surprised
that it's perceived as entire waste of money by some. <br>
<br>
But then, Kirk is a lawyer that might have that knowledge - but
Kirk, I believe we need more information and also an alternative
before we can vote on it. <br><div class="">
<br>
<div>-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org" target="_blank">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a>startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org" target="_blank">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg" target="_blank">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</div></div>
<br>_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
<br></blockquote></div><br></div>