[cabfpub] Limitation of Liability and Indemnification
Moudrick M. Dadashov
md at ssc.lt
Thu Oct 12 22:42:33 UTC 2017
Actually I was not correct: what RPs and Subscribers get is certificates
that they must accept.
If they do, they are bound to the CA's policy (CP/CPS) explicitly indicated
in the certificate. Maybe the binding chain should look like this:
BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit
report --> CP/CPS --> RPA/Subscriber Agreement --> Subscriber
Certificate --> RP/Subscriber
On 10/13/2017 1:21 AM, Virginia Fournier wrote:
> If you can get the Relying Parties and Subscribers to sign the
> agreement with the limitations of liability and indemnification in it,
> then they are bound. But the rest does not require them to agree to
> those provisions. It’s entirely up to the Relying Parties and
> Subscribers to decide whether they accept those provisions or not.
> If you have any additional questions, you should discuss with your
> Given that the limitations are not required, is there a need to
> proceed with this ballot?
> Best regards,
> Virginia Fournier
> Senior Standards Counsel
> Apple Inc.
> ☏ 669-227-9595
> ✉︎ vmf at apple.com
> On Oct 12, 2017, at 3:11 PM, Moudrick M. Dadashov <md at ssc.lt> wrote:
> How about:
> BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit
> report --> CP/CPS --> Binding RPA/Subscriber Agreement
> On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:
>> On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public
>> <public at cabforum.org> wrote:
>> Message: 3
>> Date: Fri, 13 Oct 2017 00:18:33 +0300
>> From: "Moudrick M. Dadashov" <md at ssc.lt>
>> To: Virginia Fournier via Public <public at cabforum.org>
>> Subject: Re: [cabfpub] Limitation of Liability and Indemnification
>> Message-ID: <3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>> Could you please explain why you think BR and EV Requirements are
>> binding on members of the Forum?
>> Hi M.D.
>> I can see why this would be hard to understand.
>> Entities who are not members of the Forum have nothing that would
>> legally bind them to abide by those limitations. They aren’t
>> members, so they aren’t bound by any of the Forum documents -
>> Bylaws, Baseline Requirements, etc. They don’t have a written
>> agreement with the Forum to abide by certain requirements, so
>> they’re not bound that way either.
>> Members of the Forum also aren't bound to abide by the Baseline
>> Given this, does that resolve your concern?
>> The best way to make the limitations binding on the Subscribers,
>> Relying Parties, etc. would be for the CAs to enter into
>> agreements with those parties, and try to get them to agree to
>> the limitations. But, again, they could just ignore the limitations.
>> Perhaps phrased differently - the BRs describe what such agreements
>> MUST and SHOULD contain. This is allowing a further modification (a
>> MAY) to such agreements. The enforcement and requirement that CAs'
>> agreements do or do not contain such provisions is done by the root
>> stores that individual CAs partner with - not by the Forum.
>> No member of the Forum is bound to abide by the Baseline Requirements
>> by the Forum. The only document any member is bound to is to the IPR
>> policy (as per the mutual contracts signed).