[cabfpub] Limitation of Liability and Indemnification
Wayne Thayer
wthayer at godaddy.com
Thu Oct 12 22:41:09 UTC 2017
Virginia,
As Ryan stated, this requirement is about constraining the liability limits that CAs are allowed to place in their SA/RPA(s). If the CA isn’t permitted to enter in to an agreement with a liability limit lower than what is specified by the CA/B Forum and enforced by the root programs via audits, then I fail to see how these limitations ‘are not required’?
Thanks,
Wayne
From: Public <public-bounces at cabforum.org> on behalf of Virginia Fournier via Public <public at cabforum.org>
Reply-To: Virginia Fournier <vfournier at apple.com>, CA/Browser Forum Public Discussion List <public at cabforum.org>
Date: Thursday, October 12, 2017 at 3:21 PM
To: "Moudrick M. Dadashov" <md at ssc.lt>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Limitation of Liability and Indemnification
MD,
If you can get the Relying Parties and Subscribers to sign the agreement with the limitations of liability and indemnification in it, then they are bound. But the rest does not require them to agree to those provisions. It’s entirely up to the Relying Parties and Subscribers to decide whether they accept those provisions or not.
If you have any additional questions, you should discuss with your counsel.
Given that the limitations are not required, is there a need to proceed with this ballot?
Best regards,
Virginia Fournier
Senior Standards Counsel
Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com<mailto:vmf at apple.com>
On Oct 12, 2017, at 3:11 PM, Moudrick M. Dadashov <md at ssc.lt<mailto:md at ssc.lt>> wrote:
How about:
BR/EVG --> Webtrust/ETSI schemes --> Root Store schemes --> Audit report --> CP/CPS --> Binding RPA/Subscriber Agreement
Thanks,
M.D
On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:
On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
Message: 3
Date: Fri, 13 Oct 2017 00:18:33 +0300
From: "Moudrick M. Dadashov" <md at ssc.lt<mailto:md at ssc.lt>>
To: Virginia Fournier via Public <public at cabforum.org<mailto:public at cabforum.org>>
Subject: Re: [cabfpub] Limitation of Liability and Indemnification
Message-ID: <3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt<mailto:3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt>>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Could you please explain why you think BR and EV Requirements are only
binding on members of the Forum?
Thanks,
M.D.
Hi M.D.
I can see why this would be hard to understand.
Entities who are not members of the Forum have nothing that would legally bind them to abide by those limitations. They aren’t members, so they aren’t bound by any of the Forum documents - Bylaws, Baseline Requirements, etc. They don’t have a written agreement with the Forum to abide by certain requirements, so they’re not bound that way either.
Members of the Forum also aren't bound to abide by the Baseline Requirements.
Given this, does that resolve your concern?
The best way to make the limitations binding on the Subscribers, Relying Parties, etc. would be for the CAs to enter into agreements with those parties, and try to get them to agree to the limitations. But, again, they could just ignore the limitations.
Perhaps phrased differently - the BRs describe what such agreements MUST and SHOULD contain. This is allowing a further modification (a MAY) to such agreements. The enforcement and requirement that CAs agreements do or do not contain such provisions is done by the root stores that individual CAs partner with - not by the Forum.
No member of the Forum is bound to abide by the Baseline Requirements by the Forum. The only document any member is bound to is to the IPR policy (as per the mutual contracts signed).
_______________________________________________
Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171012/59c2c689/attachment-0003.html>
More information about the Public
mailing list