[cabfpub] Limitation of Liability and Indemnification
Moudrick M. Dadashov
md at ssc.lt
Thu Oct 12 22:42:33 UTC 2017
Actually I was not correct what RPs and Subscribers get is certificates
that they must accept.
If they do, they are bound to CA's policy (CP/CPS) explicitly indicated
in the certificate. Maybe the binding chain should look like this:
BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit
report --> CP/CPS --> RPA/Subscriber Agreement --> Subscriber
Certificate --> RP/Subscriber
Thanks,
M.D.
On 10/13/2017 1:21 AM, Virginia Fournier wrote:
> MD,
>
> If you can get the Relying Parties and Subscribers to sign the
> agreement with the limitations of liability and indemnification in it,
> then they are bound. But the rest does not require them to agree to
> those provisions. It’s entirely up to the Relying Parties and
> Subscribers to decide whether they accept those provisions or not.
>
> If you have any additional questions, you should discuss with your
> counsel.
>
> Given that the limitations are not required, is there a need to
> proceed with this ballot?
>
>
> Best regards,
>
> Virginia Fournier
> Senior Standards Counsel
> Apple Inc.
> ☏ 669-227-9595
> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>
>
>
>
>
>
> On Oct 12, 2017, at 3:11 PM, Moudrick M. Dadashov <md at ssc.lt
> <mailto:md at ssc.lt>> wrote:
>
> How about:
>
> BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit
> report --> CP/CPS --> Binding RPA/Subscriber Agreement
>
> Thanks,
> M.D
>
> On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:
>>
>>
>> On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public
>> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>>
>> Message: 3
>> Date: Fri, 13 Oct 2017 00:18:33 +0300
>> From: "Moudrick M. Dadashov" <md at ssc.lt <mailto:md at ssc.lt>>
>> To: Virginia Fournier via Public <public at cabforum.org
>> <mailto:public at cabforum.org>>
>> Subject: Re: [cabfpub] Limitation of Liability and Indemnification
>> Message-ID: <3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt
>> <mailto:3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt>>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Could you please explain why you think BR and EV Requirements are
>> only
>> binding on members of the Forum?
>>
>> Thanks,
>> M.D.
>>
>> Hi M.D.
>>
>> I can see why this would be hard to understand.
>>
>> Entities who are not members of the Forum have nothing that would
>> legally bind them to abide by those limitations. They aren’t
>> members, so they aren’t bound by any of the Forum documents -
>> Bylaws, Baseline Requirements, etc. They don’t have a written
>> agreement with the Forum to abide by certain requirements, so
>> they’re not bound that way either.
>>
>>
>> Members of the Forum also aren't bound to abide by the Baseline
>> Requirements.
>>
>> Given this, does that resolve your concern?
>>
>> The best way to make the limitations binding on the Subscribers,
>> Relying Parties, etc. would be for the CAs to enter into
>> agreements with those parties, and try to get them to agree to
>> the limitations. But, again, they could just ignore the limitations.
>>
>>
>> Perhaps phrased differently - the BRs describe what such agreements
>> MUST and SHOULD contain. This is allowing a further modification (a
>> MAY) to such agreements. The enforcement and requirement that CAs
>> agreements do or do not contain such provisions is done by the root
>> stores that individual CAs partner with - not by the Forum.
>>
>> No member of the Forum is bound to abide by the Baseline Requirements
>> by the Forum. The only document any member is bound to is to the IPR
>> policy (as per the mutual contracts signed).
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171013/8d4dbcc0/attachment-0003.html>
More information about the Public
mailing list