<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I fully agree with Ryan, we should move
on with Gerv's proposal (ballot 142). Indeed, elimination of
insurance is a separate issue.<br>
<br>
That said, I also support Kirk's efforts on financial stability,
possibly business continuity and cancellation provisions. <br>
<br>
<span style="color:windowtext">In addition to the ballot 141, I'm
working with Kirk on financial responsibility, including making
arrangements to continue its CRLs and OCSP responders and its
vetting records for certificates issued, after the CA terminates
its operations.</span><br>
<br>
Thanks,<br>
M.D.<br>
<br>
On 12/3/2014 4:48 PM, Ryan Sleevi wrote:<br>
</div>
<blockquote
cite="mid:CACvaWvYkPzp2Y4oOHBO__7=r+PoRc5aG827+A5EpGVXK5=yENA@mail.gmail.com"
type="cite">
<div dir="ltr">Thanks for pointing this out Jeremy. Looks like my
calendar got confused by the invites sent to the management
list.
<div><br>
</div>
<div>In that case, it's less clear to me where we are at with
this discussion. Kirk has suggested twice we delay this
discussion until Thursday, but if our calls are not this
Thursday, t hen such a delay seems unnecessary.</div>
<div><br>
</div>
<div>For an issue that has been presented as causing ongoing
pain for CAs (c.f. <a moz-do-not-send="true"
href="https://cabforum.org/pipermail/public/2014-October/004148.html">https://cabforum.org/pipermail/public/2014-October/004148.html</a>
), and that we should vote to make SOME progress on it, I feel
like delaying up to another month (a week for a call, up to a
week for any ballot modifications, a week for review, and a
week for voting) would be unwise.</div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Dec 3, 2014 at 2:38 PM,
Jeremy Rowley <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
target="_blank">jeremy.rowley@digicert.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Just
to clarify - this week is not the CAB Forum call
– it’s the working group calls. Next week is
the Forum call.</span></p>
<p class="MsoNormal"><span
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="14a10968aa8458a0__MailEndCompose"><span
style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"> </span></a></p>
<p class="MsoNormal"><b><span
style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span
style="font-size:11pt;font-family:Calibri,sans-serif"> <a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
target="_blank">public-bounces@cabforum.org</a>
[mailto:<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
target="_blank">public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ryan Sleevi<br>
<b>Sent:</b> Wednesday, December 3, 2014 7:25 AM<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:kirk_hall@trendmicro.com"
target="_blank">kirk_hall@trendmicro.com</a><br>
<b>Cc:</b> CABFPub<span class=""><br>
<b>Subject:</b> Re: [cabfpub] Ballot 142 -
Elimination of EV Insurance Requirement</span></span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On Wed, Dec 3, 2014 at
2:44 AM, <a moz-do-not-send="true"
href="mailto:kirk_hall@trendmicro.com"
target="_blank">
kirk_hall@trendmicro.com</a> <<a
moz-do-not-send="true"
href="mailto:kirk_hall@trendmicro.com"
target="_blank">kirk_hall@trendmicro.com</a>>
wrote:</p>
<div>
<div class="h5">
<blockquote style="border-style:none none
none
solid;border-left-color:rgb(204,204,204);border-left-width:1pt;padding:0in
0in 0in
6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p>So it looks like there were hurt
feelings on both parts – I was
unhappy that Mozilla would not
honor my request for time to post
my ballot on the issue (which
covered both insurance and new
financial responsibility
requirements, which are linked in
my mind, as previously explained),
and Gerv was unhappy that I would
not post his ballot for him upon
request. (Others could have
posted the ballot for Gerv as
well.)</p>
<p> </p>
<p>To move past that, I’ll <u>remove</u>
Section 1 of my Ballot (relating
to elimination of the EV insurance
requirement) so Gerv’s ballot will
be the exclusive one on that
topic. Both ballots can proceed
together, but I would urge members
to vote yes on both, as we are
removing one intended financial
responsibility safeguard (EV
insurance, which we have come to
see is not very effective) and
should substitute another more
valuable financial responsibility
safeguard (limiting a CA’s ability
to disclaim all liability for its
mis-issued certs that cause damage
to subscribers and the public). </p>
<p> </p>
<p>The new requirement in Ballot
certainly is not a "pointless
barrier to entry" as suggested
below, but a very valuable
safeguard to the public that will
help reinforce the value of public
CAs over self-signed certs and
should be a no-brainer for
browsers -- it clearly protects
their users from CA errors -- and
very valuable for CAs as well to
establish their worth.
</p>
<p> </p>
<p>I'll be happy to discuss this
further on our call Thursday and
on this list.</p>
<p> </p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Regrettably, I
won't be able to make this Thursday's
call. I think the way these ballots
have been handled is deeply
unfortunate, and I'm disappointed that
I won't be able to make the discussion
on how we to avoid these sort of
situations of competing interests in
the future.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">To the ballots at
hand, it should come as no surprise
that we share Gerv's concerns that
this is, indeed, a "pointless barrier
to entry" as it has been called. We do
not believe it will provide any
meaningful protection for our users -
or indeed, for ANY users - from CA
errors, as Kirk has suggested, and
that's a point we've repeatedly
expressed and discussed in the past,
on the list and on the calls.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">As I'll be unable
to make and discuss these points
further - although I think at this
point it's clear that the discussion
on adding liabilities is not
meaningfully or productively making
progress - I'd like to request that
whomever is taking minutes to take
detailed minutes so that the
discussion can be reviewed following
the call.</p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal">Cheers,</p>
</div>
<div>
<p class="MsoNormal">Ryan</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>