[cabfpub] Breach Insurance

Gervase Markham gerv at mozilla.org
Fri Dec 19 13:35:48 UTC 2014

On 18/12/14 23:24, Dean Coclin wrote:
> Thanks Ben. I’m assuming you are posting this with regards to the recent
> insurance debate. Although I was initially opposed to dropping the EV
> Insurance requirement, my thinking has changed as others have posted
> facts about the type of insurance that the EVGL require and
> appropriateness to its intended use. Symantec’s current position would
> be in favor of ballot 142 (Gerv’s elimination ballot). The article you
> linked to below seems to favor a different type of insurance than what
> we currently require. Are you thinking of proposing a change to the
> insurance type (i.e. Cyberbreach/cyberliability insurance)?

It is not just the question of "is it a good idea for CAs to have
insurance of type X?", it's the question of "is it a good idea for the
CAB Forum to mandate that all CAs have insurance of type X?". Those are
different questions.

Given the differing circumstances of CAs and the variety of opinions as
to the value of different insurances, I am not persuaded that insurance
of any sort should be anything more than a CA business decision - i.e.
each CA should take the coverage they think best for their business.


More information about the Public mailing list