[cabfpub] Ballot 121 - EVGL Insurance Requirements

Gervase Markham gerv at mozilla.org
Mon May 5 01:20:45 MST 2014 


On 02/05/14 16:38, kirk_hall at trendmicro.com wrote:
> Gerv (and all) -- I can already tell you that there is no other
> insurance that the Forum could require that is designed to protect
> the public and consumers.  So I won't be able to come up with a
> replacement for the current (nonsensical) requirements for CGL and
> E&O coverage, which also don't protect the public or consumers.
> 
> I would say the burden is on the proponents of keeping an insurance
> requirement to come up with an alternative (but they won't be able to
> do so).

I think the burden is only on them to come up with an alternative if
there is general agreement that the current insurance requirements are
not fit for purpose. That may indeed be so, but it cannot be established
as so by assertion.

> In the meantime, we should eliminate the current requirement, which
> has no meaning.  In the one case we know of where insurance might
> have made a difference to customers (Diginotar), we know the insurer
> denied all coverage because of Diginotar's bad acts, and the Dutch
> bankruptcy court agreed with the insurer -- no coverage at all to
> respond to claims.  What other information do we need?

This argument only holds if you think that, in the same position, every
CA would behave like Diginotar did. Do you believe that?

> This doesn't affect my company -- we don't even have to buy insurance
> under the rules -- but the current rule is very unfair to CAs outside
> the US, and is really just a pointless barrier for many new CAs.

We are all for eliminating barriers to entry.

I think there's a lot of potential support in the Forum for your
position; it just needs the case made a little more carefully.

The message that abolishing these requirements could send is: "CAs admit
that if something goes wrong, it's not their problem". The way to avoid
sending that message is having a good, written case for why they would
never or very rarely help, and why the cons of their existence outweigh
the pros.

One question which may be relevant (although there may be reasons we
can't talk about it): how much do CAs have to pay for insurance to meet
this requirement, that is over and above the insurances they already
have or would choose to have? I know you said for you it's $0.

Gerv

More information about the Public mailing list