[cabfpub] Ballots 141 and 142

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Wed Jan 14 23:59:49 UTC 2015

Trend Micro votes "yes" on both Ballot 141 and Ballot 142.

I want to recap the history of these ballots.  I actually started the effort to delete the insurance requirements in the EV Guidelines in Ballot 121 last April, but it failed.  The insurance issue came up again later in 2014.  Ben Wilson did excellent research and proposed a new, more relevant set of insurance requirements for EV certs in Ballot 133, but that ballot also failed.

At that point, I talked to a number of other CAs, and it seemed to me that we should again try to delete the current EV insurance requirements (because most people believe they are not particularly useful as applied to CAs and their work in issuing certs), but that it would be more responsible to combine that step with the addition of a new financial responsibility requirement - namely, that CAs take on some financial responsibility for the DV and OV certs they issue (not just for EV certs, like we have today in EVGL Section 18 - that sets a minimum CA liability of $2,000 per subscriber or relying party per EV cert).

I would also like to follow up with discussion of minimum capital requirements for CAs, another step to establish financial responsibility for CAs in favor of their customers and the public who rely on certs.  Maybe we should look one more time at insurance as well, and try to follow the insurance requirements of some countries for qualified certificates.

I think certs and encryption will become even more important for internet security in the next few years, and so I think CAs should take additional steps to stand behind their products .  This will be good for CAs as a whole, and good for the internet as well.

Kirk R. Hall
Operations Director, Trust Services
Trend Micro

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150114/917f017a/attachment-0003.html>

More information about the Public mailing list