[cabfpub] Pre-Ballot 209 EV Liability

Moudrick M. Dadashov md at ssc.lt
Wed Jul 26 13:32:23 MST 2017


Thanks, Ben.

Assuming that any combination (of 1, 2, 3) or no combination at all would 
be acceptable, could we add something like "at least one or any 
combination of following" so that it is explicitly clear?

Thanks,
M.D.

CAs MAY limit their liability as described in Section 9.8 of the 
Baseline Requirements except that a CA MAY NOT limit its liability to 
Subscribers or Relying Parties for legally recognized and provable 
claims to a monetary amount less than:


On 7/26/2017 5:12 AM, Ben Wilson wrote:
>
> Rather than tack on these two additional limits, what if it were 
> simplified to read:
>
> CAs MAY limit their liability as described in Section 9.8 of the 
> Baseline Requirements except that a CA MAY NOT limit its liability to 
> Subscribers or Relying Parties for legally recognized and provable 
> claims to a monetary amount less than:
>
> _(1)_ two thousand US dollars per Subscriber or Relying Party per EV 
> Certificate_;_
>
> _(2)  one hundred thousand US dollars – aggregated across all claims, 
> Subscribers, and Relying Parties – per EV Certificate; and/or_
>
> _(3)  five million US dollars – aggregated across all claims, 
> Subscribers, and Relying Parties – for all EV Certificates issued by 
> the CA during any continuous 12-month period. _
>
> _These limitations are notwithstanding anything in the Baseline 
> Requirements purportedly to the contrary._
>
> A CA's indemnification obligations and a Root CA’s obligations with 
> respect to subordinate CAs are set forth in Section 9.9 of the 
> Baseline Requirements.
>
> *From:*Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Ben 
> Wilson via Public
> *Sent:* Tuesday, July 25, 2017 6:37 PM
> *To:* Moudrick M. Dadashov <md at ssc.lt>; CA/Browser Forum Public 
> Discussion List <public at cabforum.org>
> *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
> Would this work?
>
> Notwithstanding the foregoing, a CA MAY limit its liability to 
> Subscribers or Relying Parties for legally recognized and provable 
> claims to _not less than_: (1) one hundred thousand US dollars – 
> aggregated across all claims, Subscribers, and Relying Parties – per 
> EV Certificate; and_/or_ (2) five million US dollars – aggregated 
> across all claims, Subscribers, and Relying Parties – for all EV 
> Certificates issued by the CA during any continuous 12-month period. 
> These limitations are notwithstanding anything in the Baseline 
> Requirements purportedly to the contrary.
>
> *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
> *Sent:* Tuesday, July 25, 2017 5:48 PM
> *To:* Ben Wilson <ben.wilson at digicert.com 
> <mailto:ben.wilson at digicert.com>>; CA/Browser Forum Public Discussion 
> List <public at cabforum.org <mailto:public at cabforum.org>>
> *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
> Would you mind showing how it would sound now? :)
>
> Thanks,
> M.D.
>
> On 7/26/2017 2:14 AM, Ben Wilson wrote:
>
>     And it should be an “and” or a “but”, but rephrased nevertheless.
>
>     *Ben Wilson, JD, CISA, CISSP*
>
>     VP Compliance
>
>     +1 801 701 9678
>
>     *From:*Ben Wilson
>     *Sent:* Tuesday, July 25, 2017 5:11 PM
>     *To:* Ben Wilson <ben.wilson at digicert.com>
>     <mailto:ben.wilson at digicert.com>; CA/Browser Forum Public
>     Discussion List <public at cabforum.org>
>     <mailto:public at cabforum.org>; Moudrick M. Dadashov <md at ssc.lt>
>     <mailto:md at ssc.lt>
>     *Subject:* RE: [cabfpub] Pre-Ballot 209 EV Liability
>
>     Never mind – I think I now see your point.  Not “up to” it needs
>     to be “not less than $5 million.”  Would that make it clearer?
>
>     *From:*Public [mailto:public-bounces at cabforum.org] *On Behalf Of
>     *Ben Wilson via Public
>     *Sent:* Tuesday, July 25, 2017 5:10 PM
>     *To:* Moudrick M. Dadashov <md at ssc.lt <mailto:md at ssc.lt>>;
>     CA/Browser Forum Public Discussion List <public at cabforum.org
>     <mailto:public at cabforum.org>>
>     *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>     It’s permissive – a CA MAY limit its liability. Maybe we should
>     say “up to $5 million”. Then, would that be clearer - that it
>     can be less than $5 million?
>
>     *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
>     *Sent:* Tuesday, July 25, 2017 4:35 PM
>     *To:* Ben Wilson <ben.wilson at digicert.com
>     <mailto:ben.wilson at digicert.com>>; CA/Browser Forum Public
>     Discussion List <public at cabforum.org <mailto:public at cabforum.org>>
>     *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>     With "and" I don't see it's optional.
>
>     Again, just to understand the model: is the per EV certificate amount
>     NOT fixed whereas the 12-month continuous amount is the only option
>     ($5 mln.)?
>
>     Thanks,
>     M.D.
>
>     On 7/26/2017 1:28 AM, Ben Wilson wrote:
>
>         All of the provisions would provide optional caps that CAs
>         could place on EV liability.  The 12-month $5 Million cap
>         allows a CA to cap all EV liability to all those EV
>         certificates issued within a single year.
>
>         *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
>         *Sent:* Tuesday, July 25, 2017 4:24 PM
>         *To:* Ben Wilson <ben.wilson at digicert.com>
>         <mailto:ben.wilson at digicert.com>; CA/Browser Forum Public
>         Discussion List <public at cabforum.org> <mailto:public at cabforum.org>
>         *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>         Ok. Do I understand the intention correctly: to have a
>         "floating liability" amount per EV certificate and "fixed
>         liability" amount per continuous 12-month period?
>
>         Thanks,
>         M.D.
>
>         On 7/26/2017 1:10 AM, Ben Wilson wrote:
>
>             No. Because they MAY do both.  An “or” would mean that
>             they have to choose between the two, which isn’t the intent.
>
>             *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
>             *Sent:* Tuesday, July 25, 2017 4:09 PM
>             *To:* Ben Wilson <ben.wilson at digicert.com>
>             <mailto:ben.wilson at digicert.com>; CA/Browser Forum Public
>             Discussion List <public at cabforum.org>
>             <mailto:public at cabforum.org>
>             *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>             Hi Ben,
>
>             could it be "or" between (1) and (2)?
>
>             Thanks,
>             M.D.
>
>             On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:
>
>                 Here is another pre-ballot for discussion.
>
>                 *Ballot 209 - EV Liability*
>
>                 In Section 18 of the EV Guidelines, add the following
>                 sentences to the end of the first paragraph:
>
>                 Notwithstanding the foregoing, a CA MAY limit its
>                 liability to Subscribers or Relying Parties for
>                 legally recognized and provable claims to: (1) one
>                 hundred thousand US dollars – aggregated across all
>                 claims, Subscribers, and Relying Parties – per EV
>                 Certificate; and (2) five million US dollars –
>                 aggregated across all claims, Subscribers, and Relying
>                 Parties – for all EV Certificates issued by the CA
>                 during any continuous 12-month period. These
>                 limitations are notwithstanding anything in the
>                 Baseline Requirements purportedly to the contrary.
>
>                 Such that Section 18 of the EV Guidelines would read:
>
>                 CAs MAY limit their liability as described in Section
>                 9.8 of the Baseline Requirements except that a CA MAY
>                 NOT limit its liability to Subscribers or Relying
>                 Parties for legally recognized and provable claims to
>                 a monetary amount less than two thousand US dollars
>                 per Subscriber or Relying Party per EV Certificate.
>                 _Notwithstanding the foregoing, a CA MAY limit its
>                 liability to Subscribers or Relying Parties for
>                 legally recognized and provable claims to: (1) one
>                 hundred thousand US dollars – aggregated across all
>                 claims, Subscribers, and Relying Parties – per EV
>                 Certificate; and (2) five million US dollars –
>                 aggregated across all claims, Subscribers, and Relying
>                 Parties – for all EV Certificates issued by the CA
>                 during any continuous 12-month period. These
>                 limitations are notwithstanding anything in the
>                 Baseline Requirements purportedly to the contrary_.
>
>                 A CA's indemnification obligations and a Root CA’s
>                 obligations with respect to subordinate CAs are set
>                 forth in Section 9.9 of the Baseline Requirements.
>
