[cabfpub] BRs section 9.16.3 (exception for laws)

Gervase Markham gerv at mozilla.org
Wed Apr 27 16:38:17 UTC 2016

Hi everyone,

At the last CAB Forum meeting, we had a discussion about BRs section
9.16.3, and the possibility that it allows CAs to violate the BRs
without appropriate notification. After the CAB Forum meeting, the
following amendment (which I have tweaked) was helpfully suggested by
one participant in the conversation The aim is to bring transparency, so
anyone in violation under this clause is at least documented, and we can
consider revisions to the BRs accordingly.

What do people think?


*9.16.3. Severability*

If a court or government body with jurisdiction over the activities
covered by these Requirements determines that the performance of any
mandatory requirement is illegal, then such requirement is considered
reformed to the minimum extent necessary to make the requirement valid
and legal. This applies only to operations or certificate issuances that
are subject to the laws of that jurisdiction. The parties involved SHALL
notify the CA / Browser Forum _by sending a detailed message to
questions at cabforum.org _of the facts, circumstances, and law(s)
involved, _and receiving confirmation of the receipt of the message by
the CA/Browser Forum,_ so that the CA/Browser Forum may _consider
possible revisions to these_ Requirements accordingly.

_Any CA that wants to deviate from any mandatory requirement of these
Requirements as written on the basis of this Section 9.16.3 must list
all such non-conformity (including a reference to the specific
Requirement(s) subject to deviation) in Section 9.16.3 of the CA’s CPS
before deviating from the Requirement(s), and include in such disclosure
the facts, circumstances, and law(s) involved. _
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160427/dfef85be/attachment-0002.html>

More information about the Public mailing list