[cabfpub] Ballot 133 - Insurance Requirements for EV Issuers

Rijt, R.A. van de (Robert) - Logius robert.vande.rijt at logius.nl
Tue Oct 21 14:21:50 UTC 2014


Logius PKIoverheid abstains.

Regards,
Robert

On 10/08/2014 07:08 PM, Ben Wilson wrote:

Ballot 133 - Insurance Requirements for EV Issuers

The following motion has been proposed by Ben Wilson of Digicert and endorsed by Atilla Biler of Turktrust and Dean Coclin of Symantec.

Purpose

The purpose of this ballot is to simplify the insurance requirements in section 8.4 of the EV Guidelines by replacing commercial general liability in (A) with an ordinary property casualty insurance requirement and to simplify third party liability coverage in (B) and reduce the required amount of that coverage down to $3 million. This should make it easier for CAs to obtain insurance required by the EV Guidelines.

-- MOTION BEGINS --

1. Amend the second paragraph of Section 8.1 as follows:

If a court or government body with jurisdiction over the activities covered by these Guidelines determines that the performance of any mandatory requirement is illegal or would conflict with local law, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations, or certificate issuances, or insurance requirements that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Guidelines accordingly.

2. Amend Section 8.4 as follows:
8.4.  Insurance
Each CA SHALL maintain the following insurance related to their its respective performance and obligations under these Guidelines:
(A) Property insurance for casualty/perils of fire, water, electrical failure, and natural disaster in sufficient amount to cover damage or loss to physical assets used to issue and maintain EV Certificates, Commercial General Liability insurance (occurrence form) with policy limits of at least two million US dollars in coverage; and
(B) Professional Liability, Errors and Omissions insurance, with policy limits of at least five three million US dollars in coverage, per claim and in the aggregate, and including coverage for (i) claims for direct damages arising out of an negligent act, error, or omission, unintentional breach of contract, or neglect in issuing or maintaining EV Certificates, and (ii) claims for damages arising out of infringement of the proprietary rights of any third party (excluding copyright, and trademark infringement), and invasion of privacy and advertising injury.

(1) Such insurance MUST NOT exclude coverage when providing cryptographic, digital signature, or public key infrastructure services;

and

(2) Such insurance must:

(i) be maintained for all periods during which an EV Certificate issued by the CA is still valid (and if coverage is canceled or not renewed, the CA shall purchase an extended reporting period for such periods);

(ii) include coverage for those territories where the CA provides EV Certificates; and

(iii) be with a company rated good or better by Standard & Poor's, A.M. no less than A- as to Policy Holder's Rating in the current edition of Best's Insurance Guide, Fitch, Moody's, DBRS, Japan Credit Rating Agency, Creditreform, Scope Ratings, or another similarly recognized insurance rating agency (or with an association of companies each of the members of which are so rated).

If available at reasonable cost, a CA SHOULD maintain coverage for damage or loss to data, software, systems, and for business interruption due to IT security failure, malware, network attack, criminal hacker, or theft.

A CA MAY self-insure for liabilities that arise from such party's performance and obligations under these Guidelines provided that it has at least five hundred million US dollars in liquid current assets based on audited financial statements in the past twelve months, and a quick ratio (ratio of liquid current assets to current liabilities) of not less than 1.0.

-- MOTION ENDS --

The review period for this ballot shall commence at 2200 UTC on Wednesday, 8 October 2014, and will close at 2200 UTC on Wednesday, 15 October 2014. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2200 UTC on Wednesday, 22 October 2014. Votes must be cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A vote against must indicate a clear 'no' in the response. A vote to abstain must indicate a clear 'abstain' in the response. Unclear responses will not be counted. The latest vote received from any representative of a voting member before the close of the voting period will be counted. Voting members are listed here: https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast by members in the CA category and greater than 50% of the votes cast by members in the browser category must be in favor. Quorum is currently nine (9) members - at least nine members must participate in the ballot, either by voting in favor, voting against, or abstaining.




_______________________________________________

Public mailing list

Public at cabforum.org<mailto:Public at cabforum.org>

https://cabforum.org/mailman/listinfo/public

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.