[Servercert-wg] [EXTERNAL] Re: SC-XXX: Modify Subscriber Agreement and Terms of Use

Bruce Morton Bruce.Morton at entrust.com
Fri Aug 18 12:59:23 UTC 2023

Hi Ben,

I know we haven’t started the discussion phase, but we have some comments from our legal team.

Section 1.6.1, the new Subscriber Agreement definition would narrow considerably the defined scope of a Subscriber Agreement. The narrowed scope would not accommodate all the BR requirements for what a SA must contain. We suggest the following definition “A set of terms and conditions accepted by the Applicant/Subscriber that specifies the rights and responsibilities of the Applicant/Subscriber and the CA.”

Section 9.6.1, there have been two new warranties added which do not provide any value; and the second one may cause confusion and disruption. With respect to i., making the most current version of the SA available, all CAs are already required to do this by putting the SA into their repository.  With respect to ii., it should not matter whether the “applicable” version of the SA happens to be the version accepted at the time of issuance. The original warranty in 9.6.1(5), which is being kept, is the only one that matters, i.e. that there is an SA in place that meets the Requirements. As such, we recommend the two new proposed warranties be dropped.

Thanks, Bruce.

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Ben Wilson via Servercert-wg
Sent: Wednesday, August 16, 2023 3:46 PM
To: Clint Wilson <clintw at apple.com>
Cc: ServerCert CA/BF <servercert-wg at cabforum.org>
Subject: [EXTERNAL] Re: [Servercert-wg] SC-XXX: Modify Subscriber Agreement and Terms of Use

Hi Clint, Basically, that's about it, except by removing the separate "Terms of Use" and collapsing that concept into "Subscriber Agreement" there are places where "agreeing" and "legally binding"

Hi Clint,

Basically, that's about it, except by removing the separate "Terms of Use" and collapsing that concept into "Subscriber Agreement" there are places where "agreeing" and "legally binding" may get watered down. "Agree" is replaced with "accept" in some places, and in two places "legally binding" is preserved for unaffiliated parties but not between affiliates (line 3364 and line 3380), but I don't think that make the proposed language less protective than it is with the current "Terms of Use" language.

That being said, we could expand the scope of the ballot to address other "Subscriber Agreement" issues, if anyone can articulate them and present acceptable language that would address them.

Dustin Hollenback is the proposer of this ballot, so he may have additional points he'd like to make or clarify.


On Wed, Aug 16, 2023 at 12:29 PM Clint Wilson <clintw at apple.com<mailto:clintw at apple.com>> wrote:
Hi Ben,

As I understand it the goal of these changes is just to simplify the terms used in the BRs — and, as has been brought up separately, potentially other CA/BF Final Guidelines — in order to enable collapsing their use of “Terms of Use” into the concept of the “Subscriber Agreement”. Is that an accurate description of the intent of this draft? Are there any other goals or outcomes being aimed at with these changes?


On Aug 14, 2023, at 12:40 PM, Ben Wilson via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:

Dustin Hollenback and I are looking for another endorser for a proposed ballot - see https://github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b68d0224fa0b3..663695b8319c0cd32e0060bb9304ecd32e3737a1<https://urldefense.com/v3/__https:/github.com/cabforum/servercert/compare/a0360b61e73476959220dc328e3b68d0224fa0b3..663695b8319c0cd32e0060bb9304ecd32e3737a1__;!!FJ-Y8qCqXTj2!caJCPNsLJuFgUjMFcLQlOVayzlOKN08OAOHZ8LKuWYmXR5Fh61slDQy7tooRz-EzcdPxJtbzdkmd-lWFM8Xtb2sjK4d54w$>
It would remove the concept of a separate "Terms of Use" and replace it with "Subscriber Agreement" and make several other changes with respect to "Subscriber Agreements".
Is anyone interested in endorsing?
Servercert-wg mailing list
Servercert-wg at cabforum.org<mailto:Servercert-wg at cabforum.org>

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20230818/3328599e/attachment.html>

More information about the Servercert-wg mailing list