[cabfpub] Reasons in support of Ballot 141

Tim Hollebeek THollebeek at trustwave.com
Thu Dec 11 09:05:18 MST 2014


Is Ballot 141 a potential barrier to entry for new CAs?

In a word, no.

Ballot 141 does not cost a new CA – or an existing CA – one penny.

Though I’m not sure what Trustwave’s position on 141 will eventually be, since there are lots of complex issues that need to be considered, if you are restricted to one word, that word was “yes”, not “no”.  This is because 141 extends financial liability requirements for EV to OV and DV.  In my opinion, this is something that should be seriously considered, but it does have serious implications for the issuance of OV and DV certificates beyond what exists today.  So 141 does increase liabilities for existing CAs, and hence it does increase costs.

My personal opinion – speaking for myself – is that if there is a minimum non-disclaimed liability, $2000/$5000/$10000 should be something more along the lines of $100/$1000/$10000.  CAs are of course able to have higher numbers than the minimum number if they feel that’s appropriate, so Trend Micro could still go with $2000/$5000/$10000 if they feel that’s appropriate.  A forward-looking CA could even issue OV certs with validation, terms and guarantees that were higher than EV.  Browsers could value such “gold standard” OV certs (which would perhaps be required to use CAA + CT + SHA-256 + etc) as highly or even more highly than standard EV, instead of repeatedly saying OV is just as insecure as DV (and thus making their statements a self-fulfilling prophecy).

It’s not clear to me what the right answer here is.  Though it is very clear to me that “if it’s not EV, it’s crap” is the wrong answer.
-Tim

