<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Bradley Hand ITC";
panose-1:3 7 4 2 5 3 2 3 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.line867, li.line867, div.line867
{mso-style-name:line867;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line874, li.line874, div.line874
{mso-style-name:line874;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.line862, li.line862, div.line862
{mso-style-name:line862;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">With attachment<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Kirk Hall (RD-US)
<br>
<b>Sent:</b> Monday, December 01, 2014 3:22 PM<br>
<b>To:</b> CABFPub (public@cabforum.org)<br>
<b>Subject:</b> Ballot 141 (revised) – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Two revisions to Ballot 141, which I posted earlier today. The revisions are (1) correction of a reference to “OV” in the Purpose section when I meant to say DV (corrected below), and (2) adding an Effective Date – immediately as to eliminating
the EV insurance requirements, April 1, 2015 as to the other provisions (so CAs can modify their Subscriber Agreements, CPSs, etc.)
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The revised Ballot 141 is shown below, and attached.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><i><span style="font-size:14.0pt;font-family:"Bradley Hand ITC";color:#0F243E">Kirk R. Hall<o:p></o:p></span></i></b></p>
<p class="MsoNormal">Operations Director, Trust Services<o:p></o:p></p>
<p class="MsoNormal">Trend Micro<o:p></o:p></p>
<p class="MsoNormal">+1.503.753.3088<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="line867" style="background:white"><strong><span style="font-family:"Arial","sans-serif";color:black">Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates
</span></strong><span style="font-family:"Arial","sans-serif";color:black"><o:p></o:p></span></p>
<p class="line874" style="background:white;orphans: auto;text-align:start;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"Arial","sans-serif";color:black">The following motion has been proposed by Kirk Hall of Trend Micro and endorsed by Robin Alden of Comodo and Dean Coclin of Symantec.<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif"">Purpose<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif"">The existing insurance requirements of EV Guidelines Section 8.4 were intended to help assure the public that CAs would be financially responsible, but the requirements
for Commercial General Liability and Professional Liability / Errors & Omissions insurance are not well suited for this purpose and do not apply to DV and OV certificates.
<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif";color:black">The current insurance requirements should be replaced by other, more effective financial responsibility requirements that are more directly focused on financial
responsibility for potential harm to subscribers and relying parties from mis-issued certificates of all types. At present, CAs are permitted to limit their potential liability to subscribers and relying parties to $2,000 per EV certificate under EV Guidelines
Section 18 and $0 per DV and OV certificate under Baseline Requirements Section 18.1.<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif";color:black">This ballot (1) deletes the current EV insurance requirements at EV Guidelines Section 8.4, and (2) amends the EV Guidelines and the Baseline Requirements
so that CAs are permitted to limit their potential liability to subscribers and relying parties to $10,000 per EV certificate, $5,000 per OV certificate, and $2,000 per DV certificate. This ballot does not otherwise change whatever legal liability a CA would
or would not have for its certificates under applicable law.<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif";color:black">The Effective Date for these changes is: (1) as to elimination of EV insurance requirement, effective immediately, (2) as to all other changes, effective
as of April 1, 2015 (so CAs have time to change their Subscriber Agreements, CPSs, etc.)<o:p></o:p></span></p>
<p class="line874" style="background:white;orphans: auto;text-align:start;widows: auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<span style="font-family:"Arial","sans-serif";color:black">-- MOTION BEGINS --<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">1. EV Guideline 8.4 is deleted.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">2. EV Guideline Section 18 is amended to read as follows:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-autospace:none">
<b><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">18. Liability and Indemnification<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial","sans-serif"">CAs MAY limit their liability as described in Section 18 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable
claims to a monetary amount less than <s>two</s> <b><u>ten</u></b> thousand US dollars per Subscriber or Relying Party per EV Certificate.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial","sans-serif"">A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in the Baseline Requirements.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial","sans-serif"">3. Baseline Requirements Section 18.1 is amended to read as follows:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-autospace:none">
<b><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">18.1 Liability to Subscribers and Relying Parties
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in;text-autospace:none">
<span style="font-size:12.0pt;font-family:"Arial","sans-serif"">If the CA has issued and managed the Certificate in compliance with these Requirements and its Certificate Policy and/or Certification Practice Statement, the CA MAY disclaim liability to the Certificate
Beneficiaries or any other third parties for any losses suffered as a result of use or reliance on such Certificate beyond those specified in the CA's Certificate Policy and/or Certification Practice Statement. If the CA has not issued or managed the Certificate
in compliance with these Requirements and its Certificate Policy and/or Certification Practice Statement, the CA MAY seek to limit its liability to the Subscriber and to Relying Parties, regardless of the cause of action or legal theory involved, for any and
all claims, losses or damages suffered as a result of the use or reliance on such Certificate by any appropriate means that the CA desires. If the CA chooses to limit its liability for Certificates that are not issued or managed in compliance with these Requirements
or its Certificate Policy and/or Certification Practice Statement, then the CA SHALL include the limitations on liability in the CA’s Certificate Policy and/or Certification Practice Statement.
<b><u>Notwithstanding the foregoing, a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per DV Certificate or less
than five thousand US dollars per Subscriber or Relying Party per OV Certificate</u></b>.<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif";color:black">The Effective Date for this Ballot is as follows: (a) as to Section 1 of the Ballot deleting the EV insurance requirements – effective immediately; (b) as
to Sections 2 and 3 of the Ballot, effective as of April 1, 2015.<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif";color:black">-- MOTION ENDS --<o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif"">The review period for this ballot shall commence at 2200 UTC on Monday, 1 December 2014, and will close at 2200 UTC on Wednesday, 8 December 2014. Unless the motion is
withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Wednesday, 15 December 2014. Votes must be cast by posting an on-list reply to this thread.<o:p></o:p></span></p>
<p class="line862" style="background:white"><span style="font-family:"Arial","sans-serif"">A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate
a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here:<span class="apple-converted-space"> </span><a href="https://cabforum.org/members/"><span style="border:none windowtext 1.0pt;padding:0in">https://cabforum.org/members/</span></a><o:p></o:p></span></p>
<p class="line874" style="background:white"><span style="font-family:"Arial","sans-serif"">In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser
category must be in favor. Quorum is currently nine (9) members– at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><pre><table class="TM_EMAIL_NOTICE"><tr><td><pre>
TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
</pre></td></tr></table></pre></font></td></tr></table>