[cabfpub] Ballot 142 - Elimination of EV Insurance Requirement

Moudrick M. Dadashov md at ssc.lt
Wed Dec 3 17:46:12 UTC 2014

I fully agree with Ryan, we should move on with Gerv's proposal (ballot 
142). Indeed, elimination of insurance is a separate issue.

That said, I also support Kirk's efforts on financial stability, 
possibly business continuity and cancellation provisions.

In addition to the ballot 141, I'm working with Kirk on financial 
responsibility, including making arrangements to continue its CRLs and 
OCSP responders and its vetting records for certificates issued, after 
the CA terminates its operations.


On 12/3/2014 4:48 PM, Ryan Sleevi wrote:
> Thanks for pointing this out Jeremy. Looks like my calendar got 
> confused by the invites sent to the management list.
> In that case, it's less clear to me where we are at with this 
> discussion. Kirk has suggested twice we delay this discussion until 
> Thursday, but if our calls are not this Thursday, t hen such a delay 
> seems unnecessary.
> For an issue that has been presented as causing ongoing pain for CAs 
> (c.f. https://cabforum.org/pipermail/public/2014-October/004148.html 
> ), and that we should vote to make SOME progress on it, I feel like 
> delaying up to another month (a week for a call, up to a week for any 
> ballot modifications, a week for review, and a week for voting) would 
> be unwise.
> On Wed, Dec 3, 2014 at 2:38 PM, Jeremy Rowley 
> <jeremy.rowley at digicert.com <mailto:jeremy.rowley at digicert.com>> wrote:
>     Just to clarify - this week is not the CAB Forum call -- it's the
>     working group calls.  Next week is the Forum call.
>     *From:*public-bounces at cabforum.org
>     <mailto:public-bounces at cabforum.org>
>     [mailto:public-bounces at cabforum.org
>     <mailto:public-bounces at cabforum.org>] *On Behalf Of *Ryan Sleevi
>     *Sent:* Wednesday, December 3, 2014 7:25 AM
>     *To:* kirk_hall at trendmicro.com <mailto:kirk_hall at trendmicro.com>
>     *Cc:* CABFPub
>     *Subject:* Re: [cabfpub] Ballot 142 - Elimination of EV Insurance
>     Requirement
>     On Wed, Dec 3, 2014 at 2:44 AM, kirk_hall at trendmicro.com
>     <mailto:kirk_hall at trendmicro.com> <kirk_hall at trendmicro.com
>     <mailto:kirk_hall at trendmicro.com>> wrote:
>         So it looks like there were hurt feelings on both parts -- I
>         was unhappy that Mozilla would not honor my request for time
>         to post my ballot on the issue (which covered both insurance
>         and new financial responsibility requirements, which are
>         linked in my mind, as previously explained), and Gerv was
>         unhappy that I would not post his ballot for him upon
>         request.  (Others could have posted the ballot for Gerv as well.)
>         To move past that, I'll _remove_ Section 1 of my Ballot
>         (relating to elimination of the EV insurance requirement) so
>         Gerv's ballot will be the exclusive one on that topic.  Both
>         ballots can proceed together, but I would urge members to vote
>         yes on both, as we are removing one intended financial
>         responsibility safeguard (EV insurance, which we have come to
>         see is not very effective) and should substitute another  more
>         valuable financial responsibility safeguard (limiting a CA's
>         ability to disclaim all liability for its mis-issued certs
>         that cause damage to subscribers and the public).
>         The new requirement in Ballot certainly is not a "pointless
>         barrier to entry" as suggested below, but a very valuable
>         safeguard to the public that will help reinforce the value of
>         public CAs over self-signed certs and should be a no-brainer
>         for browsers -- it clearly protects their users from CA errors
>         -- and very valuable for CAs as well to establish their worth.
>         I'll be happy to discuss this further on our call Thursday and
>         on this list.
>     Regrettably, I won't be able to make this Thursday's call. I think
>     the way these ballots have been handled is deeply unfortunate, and
>     I'm disappointed that I won't be able to make the discussion on
>     how we to avoid these sort of situations of competing interests in
>     the future.
>     To the ballots at hand, it should come as no surprise that we
>     share Gerv's concerns that this is, indeed, a "pointless barrier
>     to entry" as it has been called. We do not believe it will provide
>     any meaningful protection for our users - or indeed, for ANY users
>     - from CA errors, as Kirk has suggested, and that's a point we've
>     repeatedly expressed and discussed in the past, on the list and on
>     the calls.
>     As I'll be unable to make and discuss these points further -
>     although I think at this point it's clear that the discussion on
>     adding liabilities is not meaningfully or productively making
>     progress - I'd like to request that whomever is taking minutes to
>     take detailed minutes so that the discussion can be reviewed
>     following the call.
>     Cheers,
>     Ryan
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141203/5f7c784d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3653 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141203/5f7c784d/attachment-0001.p7s>

More information about the Public mailing list