[cabfpub] the real barrier for new CA RE: Ballot 142 - Reposted

Richard Wang richard at wosign.com
Thu Jan 8 03:49:54 UTC 2015

Hi all,

WoSign renewed our 2015 insurance  for two reasons:
1. We posted our SSL certificate warranty (insurance) in our website, the sales & marketing department think if we delete this warranty, how my customer think about?  We think keep it is better to give my customer more confidences and benefit for marketing;
2. Our directors think buying insurance is good activity for a good company operation, it will protect company in case of the fault happen.

I don't think the insurance cost is a "significant cost", " a barrier to market entry". 
The REAL barrier for new entry is the long long time for all browser/OS's root inclusion time. In order to let our issued cert support all browser and all OS, we should pay more than 6 times of the insurance cost for cross signing with the old included roots. This is the big barrier and big burden for new CA.  Nearly two years passed from our root inclusion application to all browsers, we finished some, and there are still some browser/OS still don't include WoSign root, and even never response my inquiry email.   

I wish the browsers can process the root inclusion more efficiently, more quickly that help new entry reduce the cost, thanks a lot.

Best Regards,


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Thursday, January 8, 2015 2:11 AM
To: kirk_hall at trendmicro.com; CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] Ballot 142 - Reposted

On 07/01/15 18:00, kirk_hall at trendmicro.com wrote:
> *Ballot 142 – Elimination of EV Insurance Requirement*
> The following motion has been proposed by Gervase Markham of Mozilla 
> and endorsed by Ryan Sleevi of Google and Moudrick Dadashov of SSC.

Thanks to Kirk for reposting these.

I am happy to refresh everyone's memory by re-making the case for the elimination of the existing insurance requirement, something which both ballots propose. All: please do say if you are still unconvinced by the wisdom of this.

In short: our analysis, in consultation with lawyers, suggests that there is no forseeable circumstance where relying parties or the Internet in general would benefit from the particular mandated forms of insurance, and the significant cost is a barrier to market entry, which a trade body should not be perpetuating without good evidence of particular effectiveness.

Mozilla also supports the provisions of ballot 141 which prevent CAs from disclaiming all liability for their certificates. However, both ballots are being allowed to proceed so that the two issues can be decoupled from one another. If you support the removal of the current requirements but not the imposition of the new ones, you can vote Yes to my ballot (142) and No to Kirk's (141).

Public mailing list
Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5075 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150108/327c40d4/attachment.p7s>

More information about the Public mailing list