[cabfpub] Corrected dates - Ballot 141 - Elimination of EV Insurance Requirement; Financial Responsibility for Mis-Issued Certificates

Fri Jan 16 09:40:36 MST 2015

Comodo votes 'Yes' to Ballot 141.

Robin Alden

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
On Behalf Of kirk_hall at trendmicro.com
Sent: 12 January 2015 16:56
To: CABFPub (public at cabforum.org)
Subject: [cabfpub] Corrected dates - Ballot 141 - Elimination of EV
Insurance Requirement; Financial Responsibility for Mis-Issued
Certificates

As Dean has stated, I included the right dates but wrong days in the
reposted ballot.  The corrected dates/days are shown below.

Voting on both ballots begins today (Monday) at 2:00 pm Pacific, 5:00 pm
Eastern time (2200 UTC), and ends at the same time next Monday, Jan. 19.

Kirk R. Hall

Operations Director, Trust Services

Trend Micro

+1.503.753.3088

Ballot 141 - Elimination of EV Insurance Requirement; Financial
Responsibility for Mis-Issued Certificates

The following motion has been proposed by Kirk Hall of Trend Micro and
endorsed by Robin Alden of Comodo and Dean Coclin of Symantec.

Purpose

The existing insurance requirements of EV Guidelines Section 8.4 were
intended to help assure the public that CAs would be financially
responsible, but the requirements for Commercial General Liability and
Professional Liability / Errors & Omissions insurance are not well
suited for this purpose and do not apply to DV and OV certificates.

The current insurance requirements should be replaced by other, more
effective financial responsibility requirements that are more directly
focused on financial responsibility for potential harm to subscribers
and relying parties from mis-issued certificates of all types. At
present, CAs are permitted to limit their potential liability to
subscribers and relying parties to $2,000 per EV certificate under EV
Guidelines Section 18 and $0 per DV and OV certificate under Baseline
Requirements Section 18.1.

This ballot (1) deletes the current EV insurance requirements at EV
Guidelines Section 8.4, and (2) amends the EV Guidelines and the
Baseline Requirements so that CAs are permitted to limit their potential
liability to subscribers and relying parties to $10,000 per EV
certificate, $5,000 per OV certificate, and $2,000 per OV certificate.
This ballot does not otherwise change whatever legal liability a CA
would or would not have for its certificates under applicable law.

-- MOTION BEGINS --

1. EV Guideline 8.4 is deleted.

2. EV Guideline Section 18 is amended to read as follows:

18. Liability and Indemnification CAs MAY limit their liability as
described in Section 18 of the Baseline Requirements except that a CA
MAY NOT limit its liability to Subscribers or Relying Parties for
legally recognized and provable claims to a monetary amount less than
two ten thousand US dollars per Subscriber or Relying Party per EV
Certificate.

A CA's indemnification obligations and a Root CA's obligations with
respect to subordinate CAs are set forth in the Baseline Requirements.

3. Baseline Requirements Section 18.1 is amended to read as follows:

18.1 Liability to Subscribers and Relying Parties

If the CA has issued and managed the Certificate in compliance with
these Requirements and its Certificate Policy and/or Certification
Practice Statement, the CA MAY disclaim liability to the Certificate
Beneficiaries or any other third parties for any losses suffered as a
result of use or reliance on such Certificate beyond those specified in
the CA's Certificate Policy and/or Certification Practice Statement. If
the CA has not issued or managed the Certificate in compliance with
these Requirements and its Certificate Policy and/or Certification
Practice Statement, the CA MAY seek to limit its liability to the
Subscriber and to Relying Parties, regardless of the cause of action or
legal theory involved, for any and all claims, losses or damages
suffered as a result of the use or reliance on such Certificate by any
appropriate means that the CA desires. If the CA chooses to limit its
liability for Certificates that are not issued or managed in compliance
with these Requirements or its Certificate Policy and/or Certification
Practice Statement, then the CA SHALL include the limitations on
liability in the CA's Certificate Policy and/or Certification Practice
Statement. Notwithstanding the foregoing, a CA MAY NOT limit its
liability to Subscribers or Relying Parties for legally recognized and
provable claims to a monetary amount less than two thousand US dollars
per Subscriber or Relying Party per DV Certificate or less than five
thousand US dollars per Subscriber or Relying Party per OV Certificate.

-- MOTION ENDS --

The review period for this ballot shall commence at 2200 UTC on Monday,
5 January 2015, and will close at 2200 UTC on Monday, 12 January 2015.
Unless the motion is withdrawn during the review period, the voting
period will start immediately thereafter and will close at 2200 UTC on
Monday, 19 January 2015. Votes must be cast by posting an on-list reply
to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the
response. A vote against must indicate a clear 'no' in the response. A
vote to abstain must indicate a clear 'abstain' in the response. Unclear
responses will not be counted. The latest vote received from any
representative of a voting member before the close of the voting period
will be counted. Voting members are listed here:
<https://cabforum.org/members/> https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes
cast by members in the CA category and greater than 50% of the votes
cast by members in the browser category must be in favor. Quorum is
currently nine (9) members- at least nine members must participate in
the ballot, either by voting in favor, voting against, or abstaining.

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is
confidential 
and may be subject to copyright or other intellectual property
protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply
mail or
telephone and delete the original message from your mail system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20150116/811c2f4c/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5156 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20150116/811c2f4c/attachment-0001.bin 