<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Texto de globo Car";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EstiloCorreo17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.TextodegloboCar
{mso-style-name:"Texto de globo Car";
mso-style-priority:99;
mso-style-link:"Texto de globo";
font-family:"Tahoma","sans-serif";}
span.EstiloCorreo20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ES link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>If it can help, we have this type of insurance<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='line-height:9.75pt'><b><span lang=ES-TRAD style='font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black'>Iñigo Barreira</span></b><span lang=ES-TRAD style='font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black'><br>Responsable del Área técnica<br><a href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a><o:p></o:p></span></p><p class=MsoNormal><span lang=ES-TRAD style='font-size:8.5pt;font-family:"Tahoma","sans-serif";color:black'>945067705</span><span lang=ES-TRAD style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=ES-TRAD style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><img border=0 width=585 height=111 id="Imagen_x0020_1" src="cid:image001.png@01CF6844.F33CB2E0" alt="Descripción: cid:image001.png@01CE3152.B4804EB0"></span><span lang=ES-TRAD style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal style='line-height:9.75pt'><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888;mso-fareast-language:ES-TRAD'>ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#888888;mso-fareast-language:ES-TRAD'><br></span><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#888888;mso-fareast-language:ES-TRAD'>ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.</span><span style='font-family:"Calibri","sans-serif";color:navy;mso-fareast-language:ES-TRAD'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>De:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>En nombre de </b>Ben Wilson<br><b>Enviado el:</b> viernes, 02 de mayo de 2014 19:04<br><b>Para:</b> 'Ryan Sleevi'; 'Eddy Nigg'<br><b>CC:</b> 'CABFPub'<br><b>Asunto:</b> Re: [cabfpub] Ballot 121 - EVGL Insurance Requirements<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>FWIW - Here are some resources I found on cyber risk insurance, which is a type of insurance that might be more applicable to the CA industry:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>English<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://latham.com/thoughtLeadership/lw-cybersecurity-insurance-policy-coverage">http://latham.com/thoughtLeadership/lw-cybersecurity-insurance-policy-coverage</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.aon.com/risk-services/cyber.jsp">http://www.aon.com/risk-services/cyber.jsp</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.zurich.com/insight/cyber/cyber-risk.htm">http://www.zurich.com/insight/cyber/cyber-risk.htm</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://uk.marsh.com/RiskIssues/CyberRisk/lapg-13383/2.aspx">http://uk.marsh.com/RiskIssues/CyberRisk/lapg-13383/2.aspx</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.allianz.com.au/media/news/2014/allianz-launches-cyber-risk-insurance-product">http://www.allianz.com.au/media/news/2014/allianz-launches-cyber-risk-insurance-product</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>German<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.aon.com/germany/risk-services/cyber-risiken.jsp">http://www.aon.com/germany/risk-services/cyber-risiken.jsp</a><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Spanish<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://spain.marsh.com/ActualidadAFondo/Liderazgointelectual/Articles/ID/24861/PageID/25841/Ciber-riesgo-la-seguridad-de-la-informacion-electronica.aspx">http://spain.marsh.com/ActualidadAFondo/Liderazgointelectual/Articles/ID/24861/PageID/25841/Ciber-riesgo-la-seguridad-de-la-informacion-electronica.aspx</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Chinese<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://asia.marsh.com/china/tabid/14027/ID/33653/default.aspx">http://asia.marsh.com/china/tabid/14027/ID/33653/default.aspx</a> - <a href="http://asia.marsh.com/china/MRMR/ID/35546.aspx">http://asia.marsh.com/china/MRMR/ID/35546.aspx</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>French<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.cnaeurope.com/CNADownloadsLibrary/Cyber%20NetProtect%20Brochure.pdf">http://www.cnaeurope.com/CNADownloadsLibrary/Cyber%20NetProtect%20Brochure.pdf</a> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Ryan Sleevi<br><b>Sent:</b> Thursday, May 01, 2014 3:18 PM<br><b>To:</b> Eddy Nigg<br><b>Cc:</b> CABFPub<br><b>Subject:</b> Re: [cabfpub] Ballot 121 - EVGL Insurance Requirements<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>I'm generally supportive of this, if only because the vast majority of CA's CP/CPSes leave them enough wiggle room to drive a truck through, while still not being an insurable incident.<o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>CA accidentally revokes a certificate? Most CPSes seem to leave enough verbiage in that the CA is not 'on the hook' for that.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>CA accidentally misissues a certificate? Most CPSes seem to leave enough verbiage in their Subscriber/Relying Party agreements that (to a non-lawyer such as myself) that they could argue it was the subscriber's fault.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>We discussed this during the Mountain View F2F, where I raised similar remarks.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>I think absent clear guidance from the CA/B Forum on<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> 1) What are events that a CA should be liable for<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US> 2) What language is unacceptable in a CP/CPS (in terms of disclaiming liability/imposing requirements)<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>That requiring insurance has more the effect of theatre than security.<o:p></o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><div><p class=MsoNormal><span lang=EN-US>That is, I think the practical reality is things are already wildly inconsistent and largely inapplicable for the incidents that most of us would consider inappropriate and grave for trust in the ecosystem.<o:p></o:p></span></p></div></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>On Thu, May 1, 2014 at 1:59 PM, Eddy Nigg <<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>> wrote:<o:p></o:p></span></p><div><div><p class=MsoNormal><span lang=EN-US><br><br>On 05/01/2014 07:56 PM, Jeremy Rowley wrote: <o:p></o:p></span></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='color:#1F497D'>I am in favor of that approach rather than gutting the entire requirement. We haven’t adequately explored the alternatives and possible revisions to the language to know whether a simple change could satisfy the current concerns.</span><span lang=EN-US><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div><p class=MsoNormal><span lang=EN-US>I can't be against saving expensive insurances if the effect on having them or not would be exactly the same. However we would take out probably a different/similar insurance in any case as we wouldn't want to be completely unprotected. <br><br>I'm not an insurance specialist and don't really know what the options would be, if at all. We followed the EV requirement more or less blindly because it's there and I'm actually a bit surprised that it's perceived as entire waste of money by some. <br><br>But then, Kirk is a lawyer that might have that knowledge - but Kirk, I believe we need more information and also an alternative before we can vote on it. <o:p></o:p></span></p><div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><div><p class=MsoNormal><span lang=EN-US>-- <o:p></o:p></span></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>Regards <o:p></o:p></p></td></tr><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal> <o:p></o:p></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>Signer: <o:p></o:p></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>Eddy Nigg, COO/CTO<o:p></o:p></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal> <o:p></o:p></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><a href="http://www.startcom.org" target="_blank">StartCom Ltd.</a><o:p></o:p></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>XMPP: <o:p></o:p></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><a href="mailto:startcom@startcom.org">startcom@startcom.org</a><o:p></o:p></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>Blog: <o:p></o:p></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><a href="http://blog.startcom.org" target="_blank">Join the Revolution!</a><o:p></o:p></p></td></tr><tr><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal>Twitter: <o:p></o:p></p></td><td style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal><a href="http://twitter.com/eddy_nigg" target="_blank">Follow Me</a><o:p></o:p></p></td></tr><tr><td colspan=2 style='padding:0cm 0cm 0cm 0cm'><p class=MsoNormal> <o:p></o:p></p></td></tr></table></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US><br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br><a href="https://cabforum.org/mailman/listinfo/public" target="_blank">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></div></body></html>