[cabfpub] Limitation of Liability and Indemnification

Moudrick M. Dadashov md at ssc.lt
Thu Oct 12 22:11:10 UTC 2017


How about:

BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit 
report --> CP/CPS --> Binding RPA/Subscriber Agreement

Thanks,
M.D

On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:
>
>
> On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public 
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
>     Message: 3
>     Date: Fri, 13 Oct 2017 00:18:33 +0300
>     From: "Moudrick M. Dadashov" <md at ssc.lt <mailto:md at ssc.lt>>
>     To: Virginia Fournier via Public <public at cabforum.org
>     <mailto:public at cabforum.org>>
>     Subject: Re: [cabfpub] Limitation of Liability and Indemnification
>     Message-ID: <3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt
>     <mailto:3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt>>
>     Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
>     Could you please explain why you think BR and EV Requirements are
>     only
>     binding on members of the Forum?
>
>     Thanks,
>     M.D.
>
>     Hi M.D.
>
>     I can see why this would be hard to understand.
>
>     Entities who are not members of the Forum have nothing that would
>     legally bind them to abide by those limitations.  They aren’t
>     members, so they aren’t bound by any of the Forum documents -
>     Bylaws, Baseline Requirements, etc.  They don’t have a written
>     agreement with the Forum to abide by certain requirements, so
>     they’re not bound that way either.
>
>
> Members of the Forum also aren't bound to abide by the Baseline 
> Requirements.
>
> Given this, does that resolve your concern?
>
>     The best way to make the limitations binding on the Subscribers,
>     Relying Parties, etc. would be for the CAs to enter into
>     agreements with those parties, and try to get them to agree to the
>     limitations.  But, again, they could just ignore the limitations.
>
>
> Perhaps phrased differently - the BRs describe what such agreements 
> MUST and SHOULD contain. This is allowing a further modification (a 
> MAY) to such agreements. The enforcement and requirement that CAs 
> agreements do or do not contain such provisions is done by the root 
> stores that individual CAs partner with - not by the Forum.
>
> No member of the Forum is bound to abide by the Baseline Requirements 
> by the Forum. The only document any member is bound to is to the IPR 
> policy (as per the mutual contracts signed).
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171013/8e51f6fc/attachment-0003.html>


More information about the Public mailing list