[cabf_validation] Change in liability for EV certificates

Peter Bowen pzb at amzn.com
Sat Jun 3 08:22:49 MST 2017


Here is a revision of Version 2.

18. Liability and Indemnification

CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than the least of: (1) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12 month period; (2) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (3) two thousand US dollars per Subscriber or Relying Party per EV Certificate.  These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.






I’ll put together a draft ballot if I can get a couple of endorsers.

Thanks,
Peter

> On Jun 1, 2017, at 10:24 AM, Kirk Hall via Validation <validation at cabforum.org> wrote:
> 
> Here are two versions of what we discussed today.  Peter and Ben – do you want to take this and run with it?  You can create a draft ballot and put up for discussion on the next call June 8…
>  
>  
> Version 1 – Aggregate Limit per EV Certificate Only
>  
> 18. Liability and Indemnification
>  
> CAs MAY limit their liability as described in Section 18 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate.  CAs MAY limit their aggregate liability to all Subscribers and Relying Parties for all claims per EV Certificate to an amount not less than $100,000.
>  
> A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in the Baseline Requirements.
>  
>  
> Version 2 – Aggregate Limit per EV Certificate and All EV Certificates Issued in 12 Month Period
>  
> 18. Liability and Indemnification
>  
> CAs MAY limit their liability as described in Section 18 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate.  CAs MAY limit their aggregate liability to all Subscribers and Relying Parties (1) for all claims arising from or relating to a single EV Certificate to an amount not less than $100,000, and (2) for all claims arising from or relating to all EV Certificates issued during any 12 month period to an amount not less than $5,000,000.
>  
> A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in the Baseline Requirements.
>  
>  