<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><a name="_MailEndCompose"><span style='color:windowtext'>All of the provisions would provide optional caps that CAs could place on EV liability. The 12-month $5 Million cap allows a CA to cap all EV liability to all those EV certificates issued within a single year. <o:p></o:p></span></a></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span style='color:windowtext'><o:p> </o:p></span></span></p><div><p class=MsoNormal style='margin-bottom:2.0pt'><span style='mso-bookmark:_MailEndCompose'><b><span style='font-family:"Arial",sans-serif;color:#0174C3'>Ben Wilson, JD, CISA, CISSP<o:p></o:p></span></b></span></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='mso-bookmark:_MailEndCompose'><span style='font-family:"Arial",sans-serif;color:#686869'>VP Compliance<o:p></o:p></span></span></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='mso-bookmark:_MailEndCompose'><span style='font-family:"Arial",sans-serif;color:#686869'>+1 801 701 9678<o:p></o:p></span></span></p><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span style='color:windowtext'><img width=133 height=29 style='width:1.3875in;height:.3in' id="_x0000_i1027" src="cid:image004.jpg@01D30563.1BE797A0"><o:p></o:p></span></span></p></div><p class=MsoNormal><span style='mso-bookmark:_MailEndCompose'><span style='color:windowtext'><o:p> </o:p></span></span></p><span style='mso-bookmark:_MailEndCompose'></span><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='color:windowtext'>From:</span></b><span style='color:windowtext'> Moudrick M. Dadashov [mailto:md@ssc.lt] <br><b>Sent:</b> Tuesday, July 25, 2017 4:24 PM<br><b>To:</b> Ben Wilson <ben.wilson@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br><b>Subject:</b> Re: [cabfpub] Pre-Ballot 209 EV Liability<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Cambria",serif'>Ok. Do I understand the intention correctly: to have a "floating liability" amount per EV certificate and "fixed liability" amount per continuous 12-month period?<br><br>Thanks,<br>M.D.<br><br></span><o:p></o:p></p><div><p class=MsoNormal>On 7/26/2017 1:10 AM, Ben Wilson wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='color:windowtext'>No. Because they MAY do both. An “or” would mean that they have to choose between the two, which isn’t the intent.</span><o:p></o:p></p><p class=MsoNormal><span style='color:windowtext'> </span><o:p></o:p></p><div><p class=MsoNormal style='margin-bottom:2.0pt'><b><span style='font-family:"Arial",sans-serif;color:#0174C3'>Ben Wilson, JD, CISA, CISSP</span></b><o:p></o:p></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='font-family:"Arial",sans-serif;color:#686869'>VP Compliance</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='font-family:"Arial",sans-serif;color:#686869'>+1 801 701 9678</span><o:p></o:p></p><p class=MsoNormal><span style='color:windowtext'><img width=133 height=29 style='width:1.3833in;height:.3041in' id="_x0000_i1025" src="cid:image005.jpg@01D30563.1BE797A0"></span><o:p></o:p></p></div><p class=MsoNormal><span style='color:windowtext'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='color:windowtext'>From:</span></b><span style='color:windowtext'> Moudrick M. Dadashov [<a href="mailto:md@ssc.lt">mailto:md@ssc.lt</a>] <br><b>Sent:</b> Tuesday, July 25, 2017 4:09 PM<br><b>To:</b> Ben Wilson <a href="mailto:ben.wilson@digicert.com"><ben.wilson@digicert.com></a>; CA/Browser Forum Public Discussion List <a href="mailto:public@cabforum.org"><public@cabforum.org></a><br><b>Subject:</b> Re: [cabfpub] Pre-Ballot 209 EV Liability</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-family:"Cambria",serif'>Hi Ben,<br><br>could it be "or" between (1) and (2)?<br><br>Thanks,<br>M.D.</span><o:p></o:p></p><div><p class=MsoNormal>On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Here is another pre-ballot for discussion.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><b>Ballot 209 - EV Liability</b><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>In Section 18 of the EV Guidelines, add the following sentences to the end of the first paragraph:<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Such that Section 18 of the EV Guidelines would read:<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate. <u>Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary</u>.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal style='margin-bottom:2.0pt'><b><span style='font-family:"Arial",sans-serif;color:#0174C3'>Ben Wilson, JD, CISA, CISSP</span></b><o:p></o:p></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='font-family:"Arial",sans-serif;color:#686869'>VP Compliance</span><o:p></o:p></p><p class=MsoNormal style='margin-bottom:2.0pt'><span style='font-family:"Arial",sans-serif;color:#686869'>+1 801 701 9678</span><o:p></o:p></p><p class=MsoNormal><img border=0 width=133 height=29 style='width:1.3875in;height:.3in' id="Picture_x0020_1" src="cid:image006.jpg@01D30563.1BE797A0"><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><br><br><br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Public mailing list<o:p></o:p></pre><pre><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><o:p></o:p></pre><pre><a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></pre></blockquote><p class=MsoNormal> <o:p></o:p></p></blockquote><p class=MsoNormal><o:p> </o:p></p></div></body></html>