[cabfpub] Ballot 142 - Elimination of EV Insurance Requirement

Ryan Sleevi sleevi at google.com
Wed Dec 3 14:48:58 UTC 2014


Thanks for pointing this out Jeremy. Looks like my calendar got confused by
the invites sent to the management list.

In that case, it's less clear to me where we are at with this discussion.
Kirk has suggested twice we delay this discussion until Thursday, but if
our calls are not this Thursday, then such a delay seems unnecessary.

For an issue that has been presented as causing ongoing pain for CAs (c.f.
https://cabforum.org/pipermail/public/2014-October/004148.html ), and that
we should vote to make SOME progress on it, I feel like delaying up to
another month (a week for a call, up to a week for any ballot
modifications, a week for review, and a week for voting) would be unwise.

On Wed, Dec 3, 2014 at 2:38 PM, Jeremy Rowley <jeremy.rowley at digicert.com>
wrote:

>  Just to clarify - this week is not the CAB Forum call – it’s the working
> group calls.  Next week is the Forum call.
>
>
>
>
>
> *From:* public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] *On
> Behalf Of *Ryan Sleevi
> *Sent:* Wednesday, December 3, 2014 7:25 AM
> *To:* kirk_hall at trendmicro.com
> *Cc:* CABFPub
> *Subject:* Re: [cabfpub] Ballot 142 - Elimination of EV Insurance
> Requirement
>
>
>
>
>
>
>
> On Wed, Dec 3, 2014 at 2:44 AM, kirk_hall at trendmicro.com <
> kirk_hall at trendmicro.com> wrote:
>
>  So it looks like there were hurt feelings on both parts – I was unhappy
> that Mozilla would not honor my request for time to post my ballot on the
> issue (which covered both insurance and new financial responsibility
> requirements, which are linked in my mind, as previously explained), and
> Gerv was unhappy that I would not post his ballot for him upon request.
> (Others could have posted the ballot for Gerv as well.)
>
>
>
> To move past that, I’ll *remove* Section 1 of my Ballot (relating to
> elimination of the EV insurance requirement) so Gerv’s ballot will be the
> exclusive one on that topic.  Both ballots can proceed together, but I
> would urge members to vote yes on both, as we are removing one intended
> financial responsibility safeguard (EV insurance, which we have come to see
> is not very effective) and should substitute another  more valuable
> financial responsibility safeguard (limiting a CA’s ability to disclaim all
> liability for its mis-issued certs that cause damage to subscribers and the
> public).
>
>
>
> The new requirement in Ballot certainly is not a "pointless barrier to
> entry" as suggested below, but a very valuable safeguard to the public that
> will help reinforce the value of public CAs over self-signed certs and
> should be a no-brainer for browsers -- it clearly protects their users from
> CA errors -- and very valuable for CAs as well to establish their worth.
>
>
>
> I'll be happy to discuss this further on our call Thursday and on this
> list.
>
>
>
>
>
> Regrettably, I won't be able to make this Thursday's call. I think the way
> these ballots have been handled is deeply unfortunate, and I'm disappointed
> that I won't be able to make the discussion on how we to avoid these sort
> of situations of competing interests in the future.
>
>
>
> To the ballots at hand, it should come as no surprise that we share Gerv's
> concerns that this is, indeed, a "pointless barrier to entry" as it has
> been called. We do not believe it will provide any meaningful protection
> for our users - or indeed, for ANY users - from CA errors, as Kirk has
> suggested, and that's a point we've repeatedly expressed and discussed in
> the past, on the list and on the calls.
>
>
>
> As I'll be unable to make and discuss these points further - although I
> think at this point it's clear that the discussion on adding liabilities is
> not meaningfully or productively making progress - I'd like to request that
> whomever is taking minutes to take detailed minutes so that the discussion
> can be reviewed following the call.
>
>
>
> Cheers,
>
> Ryan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141203/89e94db9/attachment-0003.html>


More information about the Public mailing list