[cabfpub] Limitation of Liability and Indemnification

Phillip philliph at comodo.com
Mon Oct 23 17:37:59 UTC 2017

Has anyone ever established a loss as a result of a mis-issued certificate?


The point of insurance is that an insurer is like an auditor except that they have skin in the game. An auditor rarely suffers as a result of a negligent audit. Arthur Andersen survived Sunbeam, DeLorean and numerous others before Enron sunk them. An insurer is required to back their assessment of risk with actual dollars.


Nothing gives perfect security but insurance is a tool we need to learn how to use as an industry.



From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Monday, October 23, 2017 11:26 AM
To: Gervase Markham <gerv at mozilla.org>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>; Virginia Fournier <vfournier at apple.com>
Subject: Re: [cabfpub] Limitation of Liability and Indemnification




On Mon, Oct 23, 2017 at 10:54 AM, Gervase Markham <gerv at mozilla.org <mailto:gerv at mozilla.org> > wrote:

On 23/10/17 14:55, Ryan Sleevi wrote:
> I don't believe this is correct or supported by fact, Gerv, nor
> supported by the limits of liability if you review CA's CP/CPS.

I'm not sure what you mean. If you mean the limits I'm suggesting are
currently not offered by CAs, well of course they aren't.


No, I mean both with respect to the misissuance of EV (I can think of several CAs that have done so) and to the terms of claiming liability (I encourage you to read the CP/CPSes of those who have).


I'm curious whether there has ever been a successful claim of liability. Certainly, the claims of insurance to date have been rejected.


> We are very much opposed to increasing liability, and I'm surprised to
> see Mozilla advocating it, given its past votes to abolish liability
> requirements from EV given the practical challenges they face. 


You mean Google sees CA liability for misissuance as a paper tiger?


Ballot 141 - https://cabforum.org/2015/01/19/ballot-141-elimination-ev-insurance-requirement-financial-responsibility-mis-issued-certificates/ - and Ballot 142 - https://cabforum.org/2015/01/19/ballot-142-elimination-ev-insurance-requirement/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171023/dae7a76a/attachment-0003.html>

More information about the Public mailing list