[cabfpub] Pre-Ballot 209 EV Liability

Ben Wilson ben.wilson at digicert.com
Tue Jul 25 15:10:58 MST 2017


No. Because they MAY do both.  An “or” would mean that they have to choose between the two, which isn’t the intent.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Moudrick M. Dadashov [mailto:md at ssc.lt] 
Sent: Tuesday, July 25, 2017 4:09 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

Hi Ben,

could it be "or" between (1) and (2)?

Thanks,
M.D.

On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:

Here is another pre-ballot for discussion.

 

Ballot 209 - EV Liability

 

In Section 18 of the EV Guidelines, add the following sentences to the end of the first paragraph:

 

Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

Such that Section 18 of the EV Guidelines would read:

 

CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate. Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 






_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org> 
https://cabforum.org/mailman/listinfo/public

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170725/c9e488f6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6110 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170725/c9e488f6/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 6013 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170725/c9e488f6/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170725/c9e488f6/attachment-0001.p7s>


More information about the Public mailing list