<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">FYI: <br>
      <br>
      <div data-canvas-width="173.35241280000002" style="left:
        67.9204px; top: 541.272px; font-size: 19.152px; font-family:
        sans-serif; transform: scale(1.7153, 1); transform-origin: 0% 0%
        0px;">6.4 Liability </div>
      <div data-canvas-width="282.16042559999994" style="left:
        340.657px; top: 572.733px; font-size: 11.952px; font-family:
        serif; transform: scale(1.00802, 1); transform-origin: 0% 0%
        0px;">Auditors should verify the procedures to provide assurance
        of minimum levels of liability, insurance coverage, etc. </div>
      <div data-canvas-width="574.7418000000001" style="left: 67.9204px;
        top: 586.413px; font-size: 11.952px; font-family: serif;
        transform: scale(1.00468, 1); transform-origin: 0% 0% 0px;">according
        to section 7.1.3 of EVCG [i.2] regarding the minimum assets
        covered for liability <span class="highlight selected">insur</span>ance
        and section 15.2 </div>
      <div data-canvas-width="540.6140591999999" style="left: 67.9204px;
        top: 600.237px; font-size: 11.952px; font-family: serif;
        transform: scale(1.00607, 1); transform-origin: 0% 0% 0px;">of
        EVCG [i.2] related to EV certificates limitations liability. For
        the purpose of insurance cover the auditor may </div>
      <div data-canvas-width="320.5394927999999" style="left: 67.9204px;
        top: 614.06px; font-size: 11.952px; font-family: serif;
        transform: scale(1.0066, 1); transform-origin: 0% 0% 0px;">consider
        equivalent minimum liability cover in the local currency. </div>
      <br>
      Source:<small><small><small><br>
          </small></small></small>
      <div data-canvas-width="83.14457760000002" style="left: 506.4px;
        top: 61.0321px; font-size: 19.152px; font-family: sans-serif;
        transform: scale(1.01914, 1); transform-origin: 0% 0% 0px;"><small><small><small>ETSI
              TR 101 564 V1.1.1  (2011-09)</small></small></small></div>
      <div class="" data-canvas-width="233.47321919999996" style="left:
        355.489px; top: 429.606px; font-size: 20.448px; font-family:
        sans-serif; transform: scale(1.07509, 1); transform-origin: 0%
        0% 0px;"><small><small><small>Electronic Signatures and
              Infrastructures (ESI);</small></small></small></div>
      <div class="" data-canvas-width="601.9011936" style="left:
        60.7204px; top: 453.078px; font-size: 20.448px; font-family:
        sans-serif; transform: scale(1.05504, 1); transform-origin: 0%
        0% 0px;"><small><small><small>Guidance on ETSI TS 102 042 for
              Issuing Extended Validation </small></small></small></div>
      <div data-canvas-width="340.00729920000003" style="left:
        191.616px; top: 477.558px; font-size: 20.448px; font-family:
        sans-serif; transform: scale(1.07569, 1); transform-origin: 0%
        0% 0px;"><small><small><small>Certificates for Auditors and CSPs
            </small></small></small></div>
      <br>
      Thanks,<br>
      M.D.<br>
      <br>
      On 12/22/2014 6:34 PM, Stephen Davidson wrote:<br>
    </div>
    <blockquote
cite="mid:CAA5A5DD4103604CBCF5A9DFEA0E75D19F16AF12@qvgoex01.qvglobal.local"
      type="cite">
      <pre wrap="">An observation that may or may not sway your opinion:  the goal of EV was to create uniform requirements across CAs, and this proposal will introduce variation.  
As I understand it, the "qualified SSL" under eIDAS are likely to be based on EV.  Thus, a "qualified EV" would have an insurance level that "normal EV" may not have.

Best, Stephen


-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] On Behalf Of Ben Wilson
Sent: Monday, December 22, 2014 12:09 PM
To: Gervase Markham; <a class="moz-txt-link-abbreviated" href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a>; <a class="moz-txt-link-abbreviated" href="mailto:Dean_Coclin@symantec.com">Dean_Coclin@symantec.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a>
Subject: Re: [cabfpub] Breach Insurance

Understood.  I just need to talk with Iņigo and any other European CAs to understand better about their concerns.

-----Original Message-----
From: Gervase Markham [<a class="moz-txt-link-freetext" href="mailto:gerv@mozilla.org">mailto:gerv@mozilla.org</a>] 
Sent: Monday, December 22, 2014 8:37 AM
To: Ben Wilson; <a class="moz-txt-link-abbreviated" href="mailto:i-barreira@izenpe.net">i-barreira@izenpe.net</a>; <a class="moz-txt-link-abbreviated" href="mailto:Dean_Coclin@symantec.com">Dean_Coclin@symantec.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a>
Subject: Re: [cabfpub] Breach Insurance

On 22/12/14 15:24, Ben Wilson wrote:
</pre>
      <blockquote type="cite">
        <pre wrap="">My proposal is all about making more information publicly available.
</pre>
      </blockquote>
      <pre wrap="">
Right. That wasn't a dig at your proposal. I don't think a disclosure requirement is particularly onerous (open to arguments...), so I'm OK with that.

Gerv
</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>