<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
line-height:normal;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
margin-bottom:.1in;
margin-left:0in;
line-height:120%;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
line-height:normal;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
line-height:normal;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
line-height:normal;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.u
{mso-style-name:u;}
span.strike
{mso-style-name:strike;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Microsoft abstains, on the reason that the ballot does not directly improve the security of CA operations or benefit end users. Microsoft does support simplifying CA insurance requirements in the EV guidelines
and will support a ballot similar to ballot 121. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kelvin<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Wednesday, October 1, 2014 7:55 PM<br>
<b>To:</b> CABFPub<br>
<b>Subject:</b> [cabfpub] Ballot 133 - Insurance Requirements for EV Issuers<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="line867"><strong><span style="font-weight:normal">Please take a look and let me know your comments.<o:p></o:p></span></strong></p>
<p class="line867"><strong>Ballot 133 - Insurance Requirements for EV Issuers</strong>
<o:p></o:p></p>
<p class="line874">Purpose <o:p></o:p></p>
<p class="line874">The purpose of this ballot is to simplify the insurance requirements in section 8.4 of the EV Guidelines by replacing commercial general liability in (A) with an ordinary property casualty insurance requirement and to simplify third party
liability coverage in (B) and reduce the required amount of that coverage down to $3 million. This should make it easier for CAs to obtain insurance required by the EV Guidelines.
<o:p></o:p></p>
<p class="line874">-- MOTION BEGINS -- <o:p></o:p></p>
<p class="line874">1. Amend the second paragraph of Section 8.1 as follows: <o:p>
</o:p></p>
<p class="line862">If a court or government body with jurisdiction over the activities covered by these Guidelines determines that the performance of any mandatory requirement is illegal
<span class="u"><u>or would conflict with local law</u></span>, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations<span class="u">,</span>
<span class="strike"><s>or</s></span><s> </s>certificate issuances, <span class="u">
<u>or insurance requirements</u></span><u> </u>that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Guidelines
accordingly. <o:p></o:p></p>
<p class="line874">2. Amend Section 8.4 as follows:<o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:5.75pt;margin-right:2.2in;margin-bottom:4.3pt;margin-left:0in;text-align:justify">
<a name="_Ref232572161"></a><a name="_Ref232572179"></a><a name="_Ref232573627"></a><a name="_Toc378600287"></a><b><span style="font-size:14.0pt;font-family:"Times New Roman","serif"">8.4. Insurance
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:2.2in;margin-bottom:12.25pt">
<span style="font-size:12.0pt;font-family:"Times New Roman","serif"">Each CA SHALL maintain the following insurance related to
<s>their</s> <u>its </u>respective performance and obligations under these Guidelines:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;text-indent:-.25in">
<u><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">(A) Property insurance for casualty/perils of fire, water, electrical failure, and natural disaster in sufficient amount to cover damage or loss to physical assets used to issue and maintain
EV Certificates</span></u><s><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">,</span></s><span style="font-size:12.0pt;font-family:"Times New Roman","serif"">
<s>Commercial General Liability insurance (occurrence form) with policy limits of at least two million US dollars in coverage</s>; and<s>
<o:p></o:p></s></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;text-indent:-.25in">
<span style="font-size:12.0pt;font-family:"Times New Roman","serif"">(B) <s>Professional</s> Liability<s>, Errors and Omissions</s> insurance, with policy limits of at least
<s>five</s> <u>three </u>million US dollars in coverage<u>, per claim and in the aggregate</u>,
<s>and including coverage</s> for <s>(i) claims for</s> <u>direct </u>damages arising out of a<s>n</s>
<u>negligent</u> act, error, or omission, <s>unintentional breach of contract, or neglect</s> in issuing or maintaining EV Certificates<s>, and (ii) claims for damages arising out of infringement of the proprietary rights of any third party (excluding copyright,
and trademark infringement), and invasion of privacy and advertising injury</s>.<o:p></o:p></span></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>(1)</u> Such insurance<u> MUST NOT exclude coverage when providing cryptographic, digital signature, or public key infrastructure services;
<o:p></o:p></u></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>and<o:p></o:p></u></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>(2) Such insurance </u><span style="text-transform:uppercase">must</span>:<o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>(i) be maintained for all periods during which an EV Certificate issued by the CA is still valid (and if coverage is canceled or not renewed, the CA shall purchase an extended reporting period for such periods);<o:p></o:p></u></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>(ii) include coverage for those territories where the CA provides EV Certificates; and<o:p></o:p></u></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>(iii)</u> be with a company rated <u>good or better by Standard & Poor's, A.M.</u>
<s>no less than A- as to Policy Holder’s Rating in the current edition of</s> Best<s>'s Insurance Guide</s><u>, Fitch, Moody's, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or another similarly recognized insurance rating agency
</u><s>(or with an association of companies each of the members of which are so rated)</s>.<o:p></o:p></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
<u>If available at reasonable cost, a CA SHOULD maintain coverage for damage or loss to data, software, systems, and for business interruption due to IT security failure, malware, network attack, criminal hacker, or theft.
<o:p></o:p></u></p>
<p style="mso-margin-top-alt:5.0pt;margin-right:2.2in;margin-bottom:12.25pt;margin-left:.5in;line-height:normal">
A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in
<s>liquid</s> <u>current </u>assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of
<s>liquid</s> <u>current</u> assets to current liabilities) of not less than 1.0.
<o:p></o:p></p>
<p class="line874"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>