[cabfpub] Pre-Ballot 209 EV Liability

Ben Wilson ben.wilson at digicert.com
Tue Jul 25 19:12:39 MST 2017


Rather than tack on these two additional limits, what if it were simplified to read:

 

CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than: 

                 (1)  two thousand US dollars per Subscriber or Relying Party per EV Certificate;

                 (2)  one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and/or

                 (3)  five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. 

 

These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.

 

 

 

 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson via Public
Sent: Tuesday, July 25, 2017 6:37 PM
To: Moudrick M. Dadashov <md at ssc.lt>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

Would this work?

 

Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to not less than: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and/or (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

From: Moudrick M. Dadashov [mailto:md at ssc.lt] 
Sent: Tuesday, July 25, 2017 5:48 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

Would you mind showing how it would sound now? :)

Thanks,
M.D.

On 7/26/2017 2:14 AM, Ben Wilson wrote:

And it should be an “and” or a “but”, but rephrased nevertheless.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Ben Wilson 
Sent: Tuesday, July 25, 2017 5:11 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>; Moudrick M. Dadashov <md at ssc.lt>
Subject: RE: [cabfpub] Pre-Ballot 209 EV Liability

 

Never mind – I think I now see your point. Not “up to”; it needs to be “not less than $5 million.” Would that make it clearer?

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson via Public
Sent: Tuesday, July 25, 2017 5:10 PM
To: Moudrick M. Dadashov <md at ssc.lt>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

It’s permissive – a CA MAY limit its liability. Maybe we should say “up to $5 million”. Then, would that be clearer – that it can be less than $5 million?

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Moudrick M. Dadashov [mailto:md at ssc.lt] 
Sent: Tuesday, July 25, 2017 4:35 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

With "and" I don't see it's optional.

Again, just to understand the model: is the per EV certificate amount NOT fixed, whereas the 12-month continuous amount is the only option ($5 mln.)?

Thanks,
M.D.  

On 7/26/2017 1:28 AM, Ben Wilson wrote:

All of the provisions would provide optional caps that CAs could place on EV liability. The 12-month $5 Million cap allows a CA to cap all EV liability to all those EV certificates issued within a single year.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Moudrick M. Dadashov [mailto:md at ssc.lt] 
Sent: Tuesday, July 25, 2017 4:24 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

Ok. Do I understand the intention correctly: to have a "floating liability" amount per EV certificate and "fixed liability" amount per continuous 12-month period?

Thanks,
M.D.

On 7/26/2017 1:10 AM, Ben Wilson wrote:

No. Because they MAY do both.  An “or” would mean that they have to choose between the two, which isn’t the intent.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

From: Moudrick M. Dadashov [mailto:md at ssc.lt] 
Sent: Tuesday, July 25, 2017 4:09 PM
To: Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

 

Hi Ben,

could it be "or" between (1) and (2)?

Thanks,
M.D.

On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:

Here is another pre-ballot for discussion.

 

Ballot 209 - EV Liability

 

In Section 18 of the EV Guidelines, add the following sentences to the end of the first paragraph:

 

Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

Such that Section 18 of the EV Guidelines would read:

 

CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate. Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

 

A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 





