[cabfpub] Corrected dates - Ballot 141 – Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates

Håvard Molland haavardm at opera.com
Wed Jan 14 08:59:12 MST 2015


Opera votes yes on 142 and no on 141

Håvard




On 12. jan. 2015 17:55, kirk_hall at trendmicro.com wrote:
>
> As Dean has stated, I included the right dates but wrong days in the 
> reposted ballot.  The corrected dates/days are shown below.
>
> Voting on both ballots begins today (Monday) at 2:00 pm Pacific, 5:00 
> pm Eastern time (2200 UTC), and ends at the same time next Monday, 
> Jan. 19.
>
> */Kirk R. Hall/*
>
> Operations Director, Trust Services
>
> Trend Micro
>
> +1.503.753.3088
>
> *Ballot 141 – Elimination of EV Insurance Requirement; Financial 
> Responsibility for Mis-Issued Certificates*
>
> The following motion has been proposed by Kirk Hall of Trend Micro and 
> endorsed by Robin Alden of Comodo and Dean Coclin of Symantec.
>
> *Purpose*
>
> The existing insurance requirements of EV Guidelines Section 8.4 were 
> intended to help assure the public that CAs would be financially 
> responsible, but the requirements for Commercial General Liability and 
> Professional Liability / Errors & Omissions insurance are not well 
> suited for this purpose and do not apply to DV and OV certificates.
>
> The current insurance requirements should be replaced by other, more 
> effective financial responsibility requirements that are more directly 
> focused on financial responsibility for potential harm to subscribers 
> and relying parties from mis-issued certificates of all types. At 
> present, CAs are permitted to limit their potential liability to 
> subscribers and relying parties to $2,000 per EV certificate under EV 
> Guidelines Section 18 and $0 per DV and OV certificate under Baseline 
> Requirements Section 18.1.
>
> This ballot (1) deletes the current EV insurance requirements at EV 
> Guidelines Section 8.4, and (2) amends the EV Guidelines and the 
> Baseline Requirements so that CAs are permitted to limit their 
> potential liability to subscribers and relying parties to $10,000 per 
> EV certificate, $5,000 per OV certificate, and $2,000 per OV 
> certificate. This ballot does not otherwise change whatever legal 
> liability a CA would or would not have for its certificates under 
> applicable law.
>
> -- MOTION BEGINS --
>
> 1. EV Guideline 8.4 is deleted.
>
> 2. EV Guideline Section 18 is amended to read as follows:
>
> *18. Liability and Indemnification*CAs MAY limit their liability as 
> described in Section 18 of the Baseline Requirements except that a CA 
> MAY NOT limit its liability to Subscribers or Relying Parties for 
> legally recognized and provable claims to a monetary amount less 
> thantwo_ten_thousand US dollars per Subscriber or Relying Party per EV 
> Certificate.
>
> A CA's indemnification obligations and a Root CA’s obligations with 
> respect to subordinate CAs are set forth in the Baseline Requirements.
>
> 3. Baseline Requirements Section 18.1 is amended to read as follows:
>
> *18.1 Liability to Subscribers and Relying Parties*
>
> If the CA has issued and managed the Certificate in compliance with 
> these Requirements and its Certificate Policy and/or Certification 
> Practice Statement, the CA MAY disclaim liability to the Certificate 
> Beneficiaries or any other third parties for any losses suffered as a 
> result of use or reliance on such Certificate beyond those specified 
> in the CA's Certificate Policy and/or Certification Practice 
> Statement. If the CA has not issued or managed the Certificate in 
> compliance with these Requirements and its Certificate Policy and/or 
> Certification Practice Statement, the CA MAY seek to limit its 
> liability to the Subscriber and to Relying Parties, regardless of the 
> cause of action or legal theory involved, for any and all claims, 
> losses or damages suffered as a result of the use or reliance on such 
> Certificate by any appropriate means that the CA desires. If the CA 
> chooses to limit its liability for Certificates that are not issued or 
> managed in compliance with these Requirements or its Certificate 
> Policy and/or Certification Practice Statement, then the CA SHALL 
> include the limitations on liability in the CA’s Certificate Policy 
> and/or Certification Practice Statement._Notwithstanding the 
> foregoing, a CA MAY NOT limit its liability to Subscribers or Relying 
> Parties for legally recognized and provable claims to a monetary 
> amount less than two thousand US dollars per Subscriber or Relying 
> Party per DV Certificate or less than five thousand US dollars per 
> Subscriber or Relying Party per OV Certificate._
>
> -- MOTION ENDS --
>
> The review period for this ballot shall commence at 2200 UTC on 
> Monday, 5 January 2015, and will close at 2200 UTC on Monday, 12 
> January 2015. Unless the motion is withdrawn during the review period, 
> the voting period will start immediately thereafter and will close at 
> 2200 UTC on Monday, 19 January 2015. Votes must be cast by posting an 
> on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed 
> here:https://cabforum.org/members/
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
> TREND MICRO EMAIL NOTICE
> The information contained in this email and any attachments is confidential
> and may be subject to copyright or other intellectual property protection.
> If you are not the intended recipient, you are not authorized to use or
> disclose this information, and we request that you notify us by reply mail or
> telephone and delete the original message from your mail system.
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public


-- 
---
Opera Software

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150114/79689110/attachment-0001.html 


More information about the Public mailing list