[cabf_validation] Change in liability for EV certificates

Moudrick M. Dadashov md at ssc.lt
Sun Jun 4 07:23:06 MST 2017


Good day, Peter

thank you, IMO this would be a good step forward, we'll endorse this.

Thanks,
M.D.

On 6/3/2017 6:22 PM, Peter Bowen via Validation wrote:
>
> Here is a revision of Version 2.
>
>     18. Liability and Indemnification
>
>     CAs MAY limit their liability as described in Section 9.8 of the
>     Baseline Requirements except that a CA MAY NOT limit its liability
>     to Subscribers or Relying Parties for legally recognized and
>     provable claims to a monetary amount less than the least of:
>     (1) five million US dollars – aggregated across all claims,
>     Subscribers, and Relying Parties –for all EV Certificates issued
>     by the CA during any continuous 12 month period; (2) one hundred
>     thousand US dollars – aggregated across all claims, Subscribers,
>     and Relying Parties – per EV Certificate; and (3) two thousand US
>     dollars per Subscriber or Relying Party per EV Certificate.  These
>     limitations are notwithstanding anything in the Baseline
>     Requirements purportedly to the contrary.
>
>     A CA's indemnification obligations and a Root CA’s obligations
>     with respect to subordinate CAs are set forth in Section 9.9 of
>     the Baseline Requirements.
>
>
> I’ll put together a draft ballot if I can get a couple of endorsers.
>
> Thanks,
> Peter
>
>> On Jun 1, 2017, at 10:24 AM, Kirk Hall via Validation 
>> <validation at cabforum.org <mailto:validation at cabforum.org>> wrote:
>>
>> Here are two versions of what we discussed today. _Peter and Ben_– do 
>> you want to take this and run with it?  You can create a draft ballot 
>> and put up for discussion on the next call June 8…
>> *_Version 1 – Aggregate Limit per EV Certificate Only_*
>> **
>> 18. Liability and Indemnification
>> CAs MAY limit their liability as described in Section 18 of the 
>> Baseline Requirements except that a CA MAY NOT limit its liability to 
>> Subscribers or Relying Parties for legally recognized and provable 
>> claims to a monetary amount less than two thousand US dollars per 
>> Subscriber or Relying Party per EV Certificate. *_CA MAY limit their 
>> aggregate liability to all Subscribers and Relying Parties for all 
>> claims per EV Certificate to an amount not less than $100,000_*
>> A CA's indemnification obligations and a Root CA’s obligations with 
>> respect to subordinate CAs are set forth in the Baseline Requirements.
>> *_Version 2_**_– Aggregate Limit per EV Certificate and All EV 
>> Certificates Issued in 12 Month Period_**__*
>> 18. Liability and Indemnification
>> CAs MAY limit their liability as described in Section 18 of the 
>> Baseline Requirements except that a CA MAY NOT limit its liability to 
>> Subscribers or Relying Parties for legally recognized and provable 
>> claims to a monetary amount less than two thousand US dollars per 
>> Subscriber or Relying Party per EV Certificate. *_CA MAY limit their 
>> aggregate liability to all Subscribers and Relying Parties (1) for 
>> all claims arising from or relating to a single EV Certificate to an 
>> amount not less than $100,000, and (2) for all claims arising from or 
>> relating to all EV Certificates issued during any 12 month period to 
>> an amount not less than $5,000,000._*
>> A CA's indemnification obligations and a Root CA’s obligations with 
>> respect to subordinate CAs are set forth in the Baseline Requirements.
>> _______________________________________________
>> Validation mailing list
>> Validation at cabforum.org <mailto:Validation at cabforum.org>
>> https://cabforum.org/mailman/listinfo/validation
>
>
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170604/32808ea2/attachment-0001.html>


More information about the Validation mailing list