[cabfpub] Ballot 141 - Reposted
sleevi at google.com
Mon Jan 19 18:14:15 UTC 2015
Google votes No.
On Jan 7, 2015 10:01 AM, "kirk_hall at trendmicro.com" <kirk_hall at trendmicro.com> wrote:
> *I just realized we should re-post Ballots 141 and 142 to promote
> discussion, so here they are.*
> *Ballot 141 – Elimination of EV Insurance Requirement; Financial
> Responsibility for Mis-Issued Certificates*
> The following motion has been proposed by Kirk Hall of Trend Micro and
> endorsed by Robin Alden of Comodo and Dean Coclin of Symantec.
> The existing insurance requirements of EV Guidelines Section 8.4 were
> intended to help assure the public that CAs would be financially
> responsible, but the requirements for Commercial General Liability and
> Professional Liability / Errors & Omissions insurance are not well suited
> for this purpose and do not apply to DV and OV certificates.
> The current insurance requirements should be replaced by other, more
> effective financial responsibility requirements that are more directly
> focused on financial responsibility for potential harm to subscribers and
> relying parties from mis-issued certificates of all types. At present, CAs
> are permitted to limit their potential liability to subscribers and relying
> parties to $2,000 per EV certificate under EV Guidelines Section 18 and $0
> per DV and OV certificate under Baseline Requirements Section 18.1.
> This ballot (1) deletes the current EV insurance requirements at EV
> Guidelines Section 8.4, and (2) amends the EV Guidelines and the Baseline
> Requirements so that CAs are permitted to limit their potential liability
> to subscribers and relying parties to $10,000 per EV certificate, $5,000
> per OV certificate, and $2,000 per OV certificate. This ballot does not
> otherwise change whatever legal liability a CA would or would not have for
> its certificates under applicable law.
> -- MOTION BEGINS --
> 1. EV Guideline 8.4 is deleted.
> 2. EV Guideline Section 18 is amended to read as follows:
> *18. Liability and Indemnification* CAs MAY limit their liability as
> described in Section 18 of the Baseline Requirements except that a CA MAY
> NOT limit its liability to Subscribers or Relying Parties for legally
> recognized and provable claims to a monetary amount less than two *ten* thousand
> US dollars per Subscriber or Relying Party per EV Certificate.
> A CA's indemnification obligations and a Root CA’s obligations with
> respect to subordinate CAs are set forth in the Baseline Requirements.
> 3. Baseline Requirements Section 18.1 is amended to read as follows:
> *18.1 Liability to Subscribers and Relying Parties*
> If the CA has issued and managed the Certificate in compliance with these
> Requirements and its Certificate Policy and/or Certification Practice
> Statement, the CA MAY disclaim liability to the Certificate Beneficiaries
> or any other third parties for any losses suffered as a result of use or
> reliance on such Certificate beyond those specified in the CA's Certificate
> Policy and/or Certification Practice Statement. If the CA has not issued or
> managed the Certificate in compliance with these Requirements and its
> Certificate Policy and/or Certification Practice Statement, the CA MAY seek
> to limit its liability to the Subscriber and to Relying Parties, regardless
> of the cause of action or legal theory involved, for any and all claims,
> losses or damages suffered as a result of the use or reliance on such
> Certificate by any appropriate means that the CA desires. If the CA chooses
> to limit its liability for Certificates that are not issued or managed in
> compliance with these Requirements or its Certificate Policy and/or
> Certification Practice Statement, then the CA SHALL include the limitations
> on liability in the CA’s Certificate Policy and/or Certification Practice
> Statement. *Notwithstanding the foregoing, a CA MAY NOT limit its
> liability to Subscribers or Relying Parties for legally recognized and
> provable claims to a monetary amount less than two thousand US dollars per
> Subscriber or Relying Party per DV Certificate or less than five thousand
> US dollars per Subscriber or Relying Party per OV Certificate.*
> -- MOTION ENDS --
> The review period for this ballot shall commence at 2200 UTC on Monday, 5
> January 2015, and will close at 2200 UTC on Wednesday, 12 January 2015.
> Unless the motion is withdrawn during the review period, the voting period
> will start immediately thereafter and will close at 2200 UTC on Wednesday,
> 19 January 2015. Votes must be cast by posting an on-list reply to this
> A vote in favor of the motion must indicate a clear 'yes' in the response.
> A vote against must indicate a clear 'no' in the response. A vote to
> abstain must indicate a clear 'abstain' in the response. Unclear responses
> will not be counted. The latest vote received from any representative of a
> voting member before the close of the voting period will be counted. Voting
> members are listed here: https://cabforum.org/members/
> In order for the motion to be adopted, two thirds or more of the votes
> cast by members in the CA category and greater than 50% of the votes cast
> by members in the browser category must be in favor. Quorum is currently
> nine (9) members– at least nine members must participate in the ballot,
> either by voting in favor, voting against, or abstaining.