<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:TimesNewRomanPSMT;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:TimesNewRomanPS-BoldMT;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.info, li.info, div.info
{mso-style-name:info;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.u
{mso-style-name:u;}
span.strike
{mso-style-name:strike;}
span.z-TopofFormChar
{mso-style-name:"z-Top of Form Char";
mso-style-priority:99;
mso-style-link:"z-Top of Form";
font-family:"Arial","sans-serif";
display:none;}
span.z-BottomofFormChar
{mso-style-name:"z-Bottom of Form Char";
mso-style-priority:99;
mso-style-link:"z-Bottom of Form";
font-family:"Arial","sans-serif";
display:none;}
span.EmailStyle31
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hello Ben,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I have a few points to mention about the new text for BR Item 8.4 about insurance. In the previous drafts, only the newly proposed provisions were included with an effective date of “12 months after ballot adoption”. I’ve also included that text below. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span style='font-size:10.0pt;color:#1F497D'>“<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><b><span style='font-size:10.0pt;font-family:TimesNewRomanPS-BoldMT'>8.4. </span></b><b><span style='font-size:12.0pt;font-family:TimesNewRomanPS-BoldMT'>Insurance<o:p></o:p></span></b></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>Effective [12 months after ballot adoption], each CA SHALL maintain the following insurance:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>(A) casualty insurance sufficient to cover damage or loss to CA systems due to fire, water, electrical failure, ornatural disaster; and<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>(B) non-contractual liability coverage of at least two million Euros (€2,000,000 per claim and in the aggregate) for financial loss to third parties arising out of a negligent act, error, or omission by the CA in issuing or<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>maintaining EV Certificates. Such insurance must not exclude coverage when providing public key infrastructure services and MUST be:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>(i) maintained for all periods during which an EV Certificate issued by the CA is still valid (and if coverage is canceled or not renewed, the CA shall purchase an extended reporting period for such periods);<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>(ii) global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction; and<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>(iii) with an insurer having a financial strength rating of “good” or better by Standard & Poor’s, A.M. Best, Fitch, Moody’s, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or another similarly recognized<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>insurance rating agency.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>If available at reasonable cost, a CA SHOULD maintain coverage for damage or loss to data, software, systems, and for business interruption due to IT security failure, malware, network attack, criminal hacker, or theft.<o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt;text-autospace:none'><span style='font-size:9.0pt;font-family:TimesNewRomanPSMT'>A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in liquid assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of liquid assets to current liabilities) of not less than 1.0.</span><span lang=TR style='font-size:10.0pt;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'><span lang=TR style='font-size:10.0pt;color:#1F497D'>“<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>However, the new text under the pre-ballot draft attached suggests both the previous and the new models as alternatives until 1 October 2015, and solely the new model after that date.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>So, does this mean that upon acceptation of the ballot with the new content, the new insurance model will immediately be acceptable (which is different than what was suggested by the previous draft)? This is especially important for us as we will renew our insurances as TURKTRUST within the following months.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Another important point is that, the current EV Guidelines in force do not impose a “territorial coverage” obligation for the insurance. However, drafts for the new insurance model include the following provision additionally:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>“<o:p></o:p></span></p><p class=line874 style='margin:0cm;margin-bottom:.0001pt'><u><span lang=EN>(ii) global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction; and <o:p></o:p></span></u></p><p class=MsoNormal><span style='color:#1F497D'>“<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>This seems to be not applicable under the insurance legislations of Turkey, even when using internationally graded insurance companies via insurance brokers. The reason is not only “the countries sanctioned by the laws” but also the insurance companies who do not accept to cover such a large territory, i.e. the whole world. We will check this requirement again in detail through our insurance companies and give a solid feedback to the Forum as soon as possible. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>This may also be valid for some other countries as well except Northern America or Europe, so I will kindly encourage those CAs to give feedback about this point according to their countries’ legislations. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>N. Atilla BILER<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>Business Development Manager<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=TR style='color:#1F497D'>TURKTRUST Inc.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Address: Hollanda Cad. 696.Sok. No:7 Yildiz 06550 Cankaya / ANKARA - TURKEY<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Phone : +90 (312) 439 10 00<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Mobile : +90 (530) 314 24 05<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Fax : +90 (312) 439 10 01<o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>E-mail : <a href="mailto:atilla.biler@turktrust.com.tr"><span style='color:#1F497D'>atilla.biler@turktrust.com.tr</span></a> <o:p></o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'>Web : <a href="http://www.turktrust.com.tr/"><span style='color:#1F497D'>www.turktrust.com.tr</span></a> <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=TR style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Ben Wilson<br><b>Sent:</b> 28 Ağustos 2014 Perşembe 02:01<br><b>To:</b> public@cabforum.org (public@cabforum.org)<br><b>Subject:</b> [cabfpub] Pre-Ballot 133 - Insurance Requirements for EV Issuers<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=line874>Here is a pre-ballot draft of a proposal to modify the insurance requirements for Extended Validation Certificates. <o:p></o:p></p><p class=line874>Attached is a PDF and it’s also posted here - <a href="https://cabforum.org/wiki/133%20-%20Insurance%20Requirements%20for%20EV%20Issuers">https://cabforum.org/wiki/133%20-%20Insurance%20Requirements%20for%20EV%20Issuers</a> <o:p></o:p></p><p class=line874>I’m looking for two endorsers and/or comments.<o:p></o:p></p><p class=line874><b>Ballot 133 - Insurance Requirements for EV Issuers <o:p></o:p></b></p><p class=line874>Motion: Ben Wilson made the following motion, and ______ and _________ endorsed it:<o:p></o:p></p><p class=line874><b>Rationale</b><a name=texteditlink></a><o:p></o:p></p><p class=line874><span lang=EN>The purpose of this ballot is to simplify the insurance requirements in section 8.4 of the EV Guidelines by replacing commercial general liability with ordinary casualty insurance and complicated third party coverage of $5 million with simpler €2 million liability insurance. This should make it easier for CAs to obtain insurance required by the EV Guidelines. <o:p></o:p></span></p><p class=line874><span lang=EN>-- MOTION BEGINS -- <o:p></o:p></span></p><p class=line874><span lang=EN>1. Amend the second paragraph of Section 8.1 as follows: <o:p></o:p></span></p><p class=line862><span lang=EN>If a court or government body with jurisdiction over the activities covered by these Guidelines determines that the performance of any mandatory requirement is illegal <span class=u><u>or would conflict with local law</u></span>, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations<span class=u>,</span> <span class=strike><s>or</s></span> certificate issuances, <span class=u><u>or insurance requirements</u></span> that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Guidelines accordingly. <o:p></o:p></span></p><p class=line874><span lang=EN>2. Amend Section 8.4 as follows: <o:p></o:p></span></p><p class=line867><strong><span lang=EN>8.4. Insurance </span></strong><span lang=EN><o:p></o:p></span></p><p class=line867><span class=u><u><span lang=EN>Prior to 1 October 2015, e</span></u></span><span class=strike><s><span lang=EN>E</span></s></span><span lang=EN>ach CA SHALL maintain the following insurance related to <span class=strike><s>their</s></span><s> </s><span class=u><u>its</u> </span>respective performance and obligations under these Guidelines: <o:p></o:p></span></p><p class=line862><span lang=EN>(A) <span class=u><u>(1) Casualty insurance sufficient to cover damage or loss to CA systems due to fire, water, electrical failure, or natural disaster, or (2)</u> </span>Commercial General Liability insurance (occurrence form) with policy limits of at least two million US dollars in coverage; and <o:p></o:p></span></p><p class=line862><span lang=EN>(B) <span class=u><u>(1) non-contractual liability coverage of at least two million Euros (€2,000,000 per claim and in the aggregate) for financial loss to third parties arising out of a negligent act, error, or omission by the CA in issuing or maintaining EV certificates, or (2)</u></span> Professional Liability/Errors and Omissions insurance, with policy limits of at least five million US dollars in coverage, and including coverage for (i) claims for damages arising out of an act, error, or omission, unintentional breach of contract, or neglect in issuing or maintaining EV Certificates, and (ii) claims for damages arising out of infringement of the proprietary rights of any third party (excluding copyright, and trademark infringement), and invasion of privacy and advertising injury. <o:p></o:p></span></p><p class=line867><span class=u><u><span lang=EN>Effective as of 1 October 2015, each CA SHALL maintain the insurance specified in sections (A)(1) and (B)(1) above. </span></u></span><u><span lang=EN><o:p></o:p></span></u></p><p class=line874><span lang=EN>The insurance specified in subsection (B) SHOULD BE global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction <o:p></o:p></span></p><p class=line867><span lang=EN>Such insurance <span class=u><u>MUST NOT exclude coverage when providing public key infrastructure services and</u> </span>MUST be: <o:p></o:p></span></p><p class=line867><span class=u><u><span lang=EN>(i) maintained for all periods during which an EV Certificate issued by the CA is still valid (and if coverage is canceled or not renewed, the CA shall purchase an extended reporting period for such periods); </span></u></span><u><span lang=EN><o:p></o:p></span></u></p><p class=line874><u><span lang=EN>(ii) global in territorial coverage, except for countries sanctioned by the laws of the CA's jurisdiction; and <o:p></o:p></span></u></p><p class=line862><u><span lang=EN>(iii)</span></u><span lang=EN> with a company rated <span class=u><u>good or better by Standard & Poor's, A.M.</u></span><u> </u><span class=strike><s>no less than A- as to Policy Holder's Rating in the current edition of</s></span><s> Best<span class=strike>'s Insurance Guide</span><span class=u>,</span></s><span class=u> <u>Fitch, Moody's, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or another similarly recognized insurance rating agency</u> </span><span class=strike><s>(or with an association of companies each of the members of which are so rated)</s></span><s>.</s> <o:p></o:p></span></p><p class=line867><span class=u><u><span lang=EN>If available at reasonable cost, a CA SHOULD maintain coverage for damage or loss to data, software, systems, and for business interruption due to IT security failure, malware, network attack, criminal hacker, or theft. </span></u></span><u><span lang=EN><o:p></o:p></span></u></p><p class=line867><span lang=EN>A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in liquid assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of liquid assets to current liabilities) of not less than 1.0. <o:p></o:p></span></p><p class=line874><span lang=EN>-- MOTION ENDS -- <o:p></o:p></span></p><p class=MsoNormal id=pageinfo><o:p> </o:p></p></div></body></html>