[cabfpub] Breach Insurance

Gervase Markham gerv at mozilla.org
Mon Dec 22 17:25:37 UTC 2014

On 22/12/14 17:05, Moudrick M. Dadashov wrote:
> I'm afraid this is not an accurate assumption, actually the auditors
> require ***full*** EVG compliance.

I'm afraid I don't understand your point.

I am saying that if I decide to have "Gerv EV", which requires all CAs
implementing it to change their logos to include a picture of a banana,
then there is no requirement whatsoever for the CAB Forum to update the
EV Guidelines to make the banana thing a requirement for all CAs. That
remains true even if (say) over half of the CAs in the forum choose to
implement Gerv EV and so implement the banana-logo requirement.

What I do (or anyone else does) with CAB Forum standards, external to
the CAB Forum, cannot force the CAB Forum's hand about what it should do.

Does that make sense?


> On 12/22/2014 6:46 PM, Gervase Markham wrote:
>> On 22/12/14 16:34, Stephen Davidson wrote:
>>> An observation that may or may not sway your opinion:  the goal of EV
>>> was to create uniform requirements across CAs, and this proposal will
>>> introduce variation. As I understand it, the "qualified SSL" under
>>> eIDAS are likely to be based on EV.  Thus, a "qualified EV" would
>>> have an insurance level that "normal EV" may not have.
>> If other people want to build standards on EV, we aren't going to stop
>> them. But if they add additional requirements, we can't let that force
>> us to add those requirements also - because otherwise, everyone else
>> would be making the CAB Forum's decisions for us.
>> Gerv
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
