[cabfpub] BRs section 9.16.3 (exception for laws)

Jeremy Rowley jeremy.rowley at digicert.com
Wed Apr 27 17:40:19 UTC 2016

Some CAs may not “want” to deviate from a requirement but may be forced to by regulation. They also won’t “deviate from… these Requirements” because the requirements are reformed to the extent necessary to accommodate for the law.


How about:


A CA that issues a certificate under a requirement reformed through an action of a court or government body with jurisdiction SHALL list the reformed requirement in Section 9.16.3 of the CA’s CPS prior to issuing a certificate and include (in Section 9.16.3 of the CA’s CPS) a reference to the law or government order requiring a reformation under this section .



From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Gervase Markham
Sent: Wednesday, April 27, 2016 10:38 AM
To: CABFPub <public at cabforum.org>
Subject: [cabfpub] BRs section 9.16.3 (exception for laws)


Hi everyone,

At the last CAB Forum meeting, we had a discussion about BRs section 9.16.3, and the possibility that it allows CAs to violate the BRs without appropriate notification. After the CAB Forum meeting, the following amendment (which I have tweaked) was helpfully suggested by one participant in the conversation The aim is to bring transparency, so anyone in violation under this clause is at least documented, and we can consider revisions to the BRs accordingly.

What do people think?



9.16.3. Severability

If a court or government body with jurisdiction over the activities covered by these Requirements determines that the performance of any mandatory requirement is illegal, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations or certificate issuances that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum by sending a detailed message to questions at cabforum.org <mailto:questions at cabforum.org>  of the facts, circumstances, and law(s) involved, and receiving confirmation of the receipt of the message by the CA/Browser Forum, so that the CA/Browser Forum may consider possible revisions to these Requirements accordingly.

Any CA that wants to deviate from any mandatory requirement of these Requirements as written on the basis of this Section 9.16.3 must list all such non-conformity (including a reference to the specific Requirement(s) subject to deviation) in Section 9.16.3 of the CA’s CPS before deviating from the Requirement(s), and include in such disclosure the facts, circumstances, and law(s) involved. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160427/7f5491fd/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160427/7f5491fd/attachment-0001.p7s>

More information about the Public mailing list