[cabfpub] Ballot 142 - Elimination of EV Insurance Requirement

Jeremy Rowley jeremy.rowley at digicert.com
Wed Dec 3 14:38:26 UTC 2014

Just to clarify - this week is not the CAB Forum call – it’s the working group calls.  Next week is the Forum call.

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Wednesday, December 3, 2014 7:25 AM
To: kirk_hall at trendmicro.com
Subject: Re: [cabfpub] Ballot 142 - Elimination of EV Insurance Requirement

On Wed, Dec 3, 2014 at 2:44 AM, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> <kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com>> wrote:

So it looks like there were hurt feelings on both parts – I was unhappy that Mozilla would not honor my request for time to post my ballot on the issue (which covered both insurance and new financial responsibility requirements, which are linked in my mind, as previously explained), and Gerv was unhappy that I would not post his ballot for him upon request.  (Others could have posted the ballot for Gerv as well.)

To move past that, I’ll remove Section 1 of my Ballot (relating to elimination of the EV insurance requirement) so Gerv’s ballot will be the exclusive one on that topic.  Both ballots can proceed together, but I would urge members to vote yes on both, as we are removing one intended financial responsibility safeguard (EV insurance, which we have come to see is not very effective) and should substitute another  more valuable financial responsibility safeguard (limiting a CA’s ability to disclaim all liability for its mis-issued certs that cause damage to subscribers and the public).

The new requirement in Ballot certainly is not a "pointless barrier to entry" as suggested below, but a very valuable safeguard to the public that will help reinforce the value of public CAs over self-signed certs and should be a no-brainer for browsers -- it clearly protects their users from CA errors -- and very valuable for CAs as well to establish their worth.

I'll be happy to discuss this further on our call Thursday and on this list.

Regrettably, I won't be able to make this Thursday's call. I think the way these ballots have been handled is deeply unfortunate, and I'm disappointed that I won't be able to make the discussion on how we to avoid these sort of situations of competing interests in the future.

To the ballots at hand, it should come as no surprise that we share Gerv's concerns that this is, indeed, a "pointless barrier to entry" as it has been called. We do not believe it will provide any meaningful protection for our users - or indeed, for ANY users - from CA errors, as Kirk has suggested, and that's a point we've repeatedly expressed and discussed in the past, on the list and on the calls.

As I'll be unable to make and discuss these points further - although I think at this point it's clear that the discussion on adding liabilities is not meaningfully or productively making progress - I'd like to request that whomever is taking minutes to take detailed minutes so that the discussion can be reviewed following the call.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141203/0b9b86ec/attachment-0003.html>

More information about the Public mailing list