<font size=2 face="sans-serif">Certum abstains.</font>
<br>
<br><font size=2 face="sans-serif">-Piotr Matusiewicz</font>
<br>
<br>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">Od:
</font><font size=1 face="sans-serif">Ben Wilson <ben.wilson@digicert.com></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Do:
</font><font size=1 face="sans-serif">CABFPub <public@cabforum.org></font>
<br><font size=1 color=#5f5f5f face="sans-serif">Data:
</font><font size=1 face="sans-serif">2014-10-08 18:08</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Temat:
</font><font size=1 face="sans-serif">[cabfpub] Ballot
133 - Insurance Requirements for EV Issuers</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Wysłane przez:
</font><font size=1 face="sans-serif">public-bounces@cabforum.org</font>
<br>
<hr noshade>
<br>
<br>
<br><font size=3 face="Times New Roman"><b>Ballot 133 - Insurance Requirements
for EV Issuers</b> </font>
<p><font size=3 face="Times New Roman">The following motion has been proposed
by Ben Wilson of Digicert and endorsed by Atilla Biler of Turktrust and
Dean Coclin of Symantec.</font>
<p><font size=3 face="Times New Roman"><b>Purpose </b></font>
<p><font size=3 face="Times New Roman">The purpose of this ballot is to
simplify the insurance requirements in section 8.4 of the EV Guidelines
by replacing commercial general liability in (A) with an ordinary property
casualty insurance requirement and to simplify third party liability coverage
in (B) and reduce the required amount of that coverage down to $3 million.
This should make it easier for CAs to obtain insurance required by the
EV Guidelines. </font>
<p><font size=3 face="Times New Roman"><b>-- MOTION BEGINS -- </b></font>
<p><font size=3 face="Times New Roman">1. Amend the second paragraph of
Section 8.1 as follows: </font>
<p><font size=3 face="Times New Roman">If a court or government body with
jurisdiction over the activities covered by these Guidelines determines
that the performance of any mandatory requirement is illegal <u>or would
conflict with local law</u>, then such requirement is considered reformed
to the minimum extent necessary to make the requirement valid and legal.
This applies only to operations, <strike>or </strike>certificate issuances,
<u>or insurance requirements </u>that are subject to the laws of that jurisdiction.
The parties involved SHALL notify the CA / Browser Forum of the facts,
circumstances, and law(s) involved, so that the CA/Browser Forum may revise
these Guidelines accordingly. </font>
<p><font size=3 face="Times New Roman">2. Amend Section 8.4 as follows:</font>
<div>
<br><a name=_Ref232572161></a><a name=_Ref232572179></a><a name=_Ref232573627></a><a name=_Toc378600287></a><font size=3 face="Times New Roman"><b>8.4.
Insurance </b></font>
<br><font size=3 face="Times New Roman">Each CA SHALL maintain the following
insurance related to <strike>their</strike> <u>its </u>respective performance
and obligations under these Guidelines:</font>
<br><font size=3 face="Times New Roman"><u>(A) Property insurance for casualty/perils
of fire, water, electrical failure, and natural disaster in sufficient
amount to cover damage or loss to physical assets used to issue and maintain
EV Certificates</u><strike>,</strike> <strike>Commercial General Liability
insurance (occurrence form) with policy limits of at least two million
US dollars in coverage</strike>; and<strike> </strike></font>
<br><font size=3 face="Times New Roman">(B) <strike>Professional</strike>
Liability<strike>, Errors and Omissions</strike> insurance, with policy
limits of at least <strike>five</strike> <u>three </u>million US dollars
in coverage<u>, per claim and in the aggregate</u>, <strike>and including
coverage</strike> for <strike>(i) claims for</strike> <u>direct </u>damages
arising out of a<strike>n</strike> <u>negligent</u> act, error, or omission,
<strike>unintentional breach of contract, or neglect</strike> in issuing
or maintaining EV Certificates<strike>, and (ii) claims for damages arising
out of infringement of the proprietary rights of any third party (excluding
copyright, and trademark infringement), and invasion of privacy and advertising
injury</strike>.</font>
<p><font size=3 face="Times New Roman"><u>(1)</u> Such insurance<u> MUST
NOT exclude coverage when providing cryptographic, digital signature, or
public key infrastructure services; </u></font>
<p><font size=3 face="Times New Roman"><u>and</u></font>
<p><font size=3 face="Times New Roman"><u>(2) Such insurance </u>must:</font>
<p><font size=3 face="Times New Roman"><u>(i) be maintained for all periods
during which an EV Certificate issued by the CA is still valid (and if
coverage is canceled or not renewed, the CA shall purchase an extended
reporting period for such periods);</u></font>
<p><font size=3 face="Times New Roman"><u>(ii) include coverage for those
territories where the CA provides EV Certificates; and</u></font>
<p><font size=3 face="Times New Roman"><u>(iii)</u> be with a company rated
<u>good or better by Standard & Poor's, A.M.</u> <strike>no less than
A- as to Policy Holder’s Rating in the current edition of</strike> Best<strike>'s
Insurance Guide</strike><u>, Fitch, Moody's, DBRS, Japan Credit Rating
Agency, Creditreform, Scope Ratings, or another similarly recognized insurance
rating agency </u><strike>(or with an association of companies each of
the members of which are so rated)</strike>.</font>
<p><font size=3 face="Times New Roman"><u>If available at reasonable cost,
a CA SHOULD maintain coverage for damage or loss to data, software, systems,
and for business interruption due to IT security failure, malware, network
attack, criminal hacker, or theft. </u></font>
<p><font size=3 face="Times New Roman">A CA MAY self-insure for liabilities
that arise from such party's performance and obligations under these Guidelines
provided that it has at least five hundred million US dollars in <strike>liquid</strike>
<u>current </u>assets based on audited financial statements in the past
twelve months, and a quick ratio (ratio of <strike>liquid</strike> <u>current</u>
assets to current liabilities) of not less than 1.0. </font>
<br><font size=3 face="Times New Roman"><b>-- MOTION ENDS -- </b></font>
<br><font size=3 face="Times New Roman">The review period for this ballot
shall commence at 2200 UTC on Wednesday, 8 October 2014, and will close
at 2200 UTC on Wednesday, 15 October 2014. Unless the motion is withdrawn
during the review period, the voting period will start immediately thereafter
and will close at 2200 UTC on Wednesday, 22 October 2014. Votes must be
cast by posting an on-list reply to this thread. </font>
<br><font size=3 face="Times New Roman">A vote in favor of the motion must
indicate a clear 'yes' in the response. A vote against must indicate a
clear 'no' in the response. A vote to abstain must indicate a clear 'abstain'
in the response. Unclear responses will not be counted. The latest vote
received from any representative of a voting member before the close of
the voting period will be counted. Voting members are listed here: </font><a href=https://cabforum.org/members/><font size=3 color=blue face="Times New Roman"><u>https://cabforum.org/members/</u></font></a><font size=3 face="Times New Roman">
</font>
<br><font size=3 face="Times New Roman">In order for the motion to be adopted,
two thirds or more of the votes cast by members in the CA category and
greater than 50% of the votes cast by members in the browser category must
be in favor. Quorum is currently nine (9) members– at least nine members
must participate in the ballot, either by voting in favor, voting against,
or abstaining. [załącznik "smime.p7s" został usunięty przez
użytkownika Piotr Matusiewicz/UNIZETO] </font><tt><font size=2>_______________________________________________<br>
Public mailing list<br>
Public@cabforum.org<br>
</font></tt><a href=https://cabforum.org/mailman/listinfo/public><tt><font size=2>https://cabforum.org/mailman/listinfo/public</font></tt></a><tt><font size=2><br>
</font></tt>
<br></div>