[cabfpub] Breach Insurance

Moudrick M. Dadashov md at ssc.lt
Mon Dec 22 18:08:37 UTC 2014


Sorry for  confusion, Gerv, I was responding to Stephen's skepticism.

In regard to Qualified SSL Arno an Inigo know this better but I don't 
expect any significant shift even if someday today's EVCP becomes 
Qualified SSL. If they declare it is equal to EV SSL that means all EVG 
requirements apply without any exceptions. However this doesn't prevent 
them to have extra requirements for Qualified SSL.

Thanks,
M.D.

On 12/22/2014 7:25 PM, Gervase Markham wrote:
> On 22/12/14 17:05, Moudrick M. Dadashov wrote:
>> I'm afraid this is not an accurate assumption, actually the auditors
>> require ***full*** EVG compliance.
> I'm afraid I don't understand your point.
>
> I am saying that if I decide to have "Gerv EV", which requires all CAs
> implementing it to change their logos to include a picture of a banana,
> then there is no requirement whatsoever for the CAB Forum to update the
> EV Guidelines to make the banana thing a requirement for all CAs. That
> remains true even if (say) over half of the CAs in the forum choose to
> implement Gerv EV and so implement the banana-logo requirement.
>
> What I do (or anyone else does) with CAB Forum standards, external to
> the CAB Forum, cannot force the CAB Forum's hand about what it should do.
>
> Does that make sense?
>
> Gerv
>
>> On 12/22/2014 6:46 PM, Gervase Markham wrote:
>>> On 22/12/14 16:34, Stephen Davidson wrote:
>>>> An observation that may or may not sway your opinion:  the goal of EV
>>>> was to create uniform requirements across CAs, and this proposal will
>>>> introduce variation. As I understand it, the "qualified SSL" under
>>>> eIDAS are likely to be based on EV.  Thus, a "qualified EV" would
>>>> have an insurance level that "normal EV" may not have.
>>> If other people want to build standards on EV, we aren't going to stop
>>> them. But if they add additional requirements, we can't let that force
>>> us to add those requirements also - because otherwise, everyone else
>>> would be making the CAB Forum's decisions for us.
>>>
>>> Gerv
>>>
>>> _______________________________________________
>>> Public mailing list
>>> Public at cabforum.org
>>> https://cabforum.org/mailman/listinfo/public
>>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3653 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141222/eb7cd6bc/attachment-0001.p7s>


More information about the Public mailing list