[cabfpub] Ballot 133 - Insurance Requirements for EV Issuers

Dean Coclin Dean_Coclin at symantec.com
Tue Oct 21 13:27:51 UTC 2014

Symantec votes YES.

Dean Coclin


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of i-barreira at izenpe.net
Sent: Tuesday, October 21, 2014 2:56 AM
To: eddy_nigg at startcom.org; ben.wilson at digicert.com; public at cabforum.org
Subject: Re: [cabfpub] Ballot 133 - Insurance Requirements for EV Issuers


Izenpe votes YES



Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net



Descripción: cid:image001.png at 01CE3152.B4804EB0

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea.
Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki
idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna.
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la
que solo tiene derecho a acceder el destinatario. Si usted lo recibe por
error le agradeceriamos que no hiciera uso de la informacion y que se
pusiese en contacto con el remitente.


De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En
nombre de Eddy Nigg
Enviado el: lunes, 20 de octubre de 2014 18:21
Para: Ben Wilson; CABFPub
Asunto: Re: [cabfpub] Ballot 133 - Insurance Requirements for EV Issuers


StartCom votes YES

On 10/08/2014 07:08 PM, Ben Wilson wrote:

Ballot 133 - Insurance Requirements for EV Issuers 

The following motion has been proposed by Ben Wilson of Digicert and
endorsed by Atilla Biler of Turktrust and Dean Coclin of Symantec.


The purpose of this ballot is to simplify the insurance requirements in
section 8.4 of the EV Guidelines by replacing commercial general liability
in (A) with an ordinary property casualty insurance requirement and to
simplify third party liability coverage in (B) and reduce the required
amount of that coverage down to $3 million. This should make it easier for
CAs to obtain insurance required by the EV Guidelines. 


1. Amend the second paragraph of Section 8.1 as follows: 

If a court or government body with jurisdiction over the activities covered
by these Guidelines determines that the performance of any mandatory
requirement is illegal or would conflict with local law, then such
requirement is considered reformed to the minimum extent necessary to make
the requirement valid and legal. This applies only to operations, or
certificate issuances, or insurance requirements that are subject to the
laws of that jurisdiction. The parties involved SHALL notify the CA /
Browser Forum of the facts, circumstances, and law(s) involved, so that the
CA/Browser Forum may revise these Guidelines accordingly. 

2. Amend Section 8.4 as follows:

8.4.  Insurance 

Each CA SHALL maintain the following insurance related to their its
respective performance and obligations under these Guidelines:

(A) Property insurance for casualty/perils of fire, water, electrical
failure, and natural disaster in sufficient amount to cover damage or loss
to physical assets used to issue and maintain EV Certificates, Commercial
General Liability insurance (occurrence form) with policy limits of at least
two million US dollars in coverage; and 

(B) Professional Liability, Errors and Omissions insurance, with policy
limits of at least five three million US dollars in coverage, per claim and
in the aggregate, and including coverage for (i) claims for direct damages
arising out of an negligent act, error, or omission, unintentional breach of
contract, or neglect in issuing or maintaining EV Certificates, and (ii)
claims for damages arising out of infringement of the proprietary rights of
any third party (excluding copyright, and trademark infringement), and
invasion of privacy and advertising injury.

(1) Such insurance MUST NOT exclude coverage when providing cryptographic,
digital signature, or public key infrastructure services; 


(2) Such insurance must:

(i) be maintained for all periods during which an EV Certificate issued by
the CA is still valid (and if coverage is canceled or not renewed, the CA
shall purchase an extended reporting period for such periods);

(ii) include coverage for those territories where the CA provides EV
Certificates; and

(iii) be with a company rated good or better by Standard & Poor's, A.M. no
less than A- as to Policy Holder’s Rating in the current edition of Best's
Insurance Guide, Fitch, Moody's, DBRS, Japan Credit Rating Agency,
Creditreform, Scope Ratings, or another similarly recognized insurance
rating agency (or with an association of companies each of the members of
which are so rated).

If available at reasonable cost, a CA SHOULD maintain coverage for damage or
loss to data, software, systems, and for business interruption due to IT
security failure, malware, network attack, criminal hacker, or theft. 

A CA MAY self-insure for liabilities that arise from such party's
performance and obligations under these Guidelines provided that it has at
least five hundred million US dollars in liquid current assets based on
audited financial statements in the past twelve months, and a quick ratio
(ratio of liquid current assets to current liabilities) of not less than


The review period for this ballot shall commence at 2200 UTC on Wednesday, 8
October 2014, and will close at 2200 UTC on Wednesday, 15 October 2014.
Unless the motion is withdrawn during the review period, the voting period
will start immediately thereafter and will close at 2200 UTC on Wednesday,
22 October 2014. Votes must be cast by posting an on-list reply to this

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here: https://cabforum.org/members/ 

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Quorum is currently nine
(9) members– at least nine members must participate in the ballot, either by
voting in favor, voting against, or abstaining. 

Public mailing list
Public at cabforum.org






Eddy Nigg, COO/CTO


StartCom Ltd. <http://www.startcom.org> 


startcom at startcom.org


Join the Revolution! <http://blog.startcom.org> 


Follow Me <http://twitter.com/eddy_nigg> 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141021/7f4e2255/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141021/7f4e2255/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6130 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141021/7f4e2255/attachment-0001.p7s>

More information about the Public mailing list