[cabfpub] Pre-Ballot 209 EV Liability

Moudrick M. Dadashov md at ssc.lt
Tue Jul 25 16:47:43 MST 2017 

Would you mind to show how it would sound now? :)

Thanks,
M.D.

On 7/26/2017 2:14 AM, Ben Wilson wrote:
>
> And it should be an “and” or a “but”, but rephrased nevertheless.
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
> *From:*Ben Wilson
> *Sent:* Tuesday, July 25, 2017 5:11 PM
> *To:* Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Public 
> Discussion List <public at cabforum.org>; Moudrick M. Dadashov <md at ssc.lt>
> *Subject:* RE: [cabfpub] Pre-Ballot 209 EV Liability
>
> Never mind – I think I now see your point.  Not “up to” it needs to be 
> “not less than $5 million.”  Would that make it clearer?
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
> *From:*Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Ben 
> Wilson via Public
> *Sent:* Tuesday, July 25, 2017 5:10 PM
> *To:* Moudrick M. Dadashov <md at ssc.lt <mailto:md at ssc.lt>>; CA/Browser 
> Forum Public Discussion List <public at cabforum.org 
> <mailto:public at cabforum.org>>
> *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
> It’s permissive – a CA MAY limit its liability.   Maybe we should say 
> “up to $5 million”.   Then, would that be clearer -  that it can be 
> less than $5 million?
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
> *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
> *Sent:* Tuesday, July 25, 2017 4:35 PM
> *To:* Ben Wilson <ben.wilson at digicert.com 
> <mailto:ben.wilson at digicert.com>>; CA/Browser Forum Public Discussion 
> List <public at cabforum.org <mailto:public at cabforum.org>>
> *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
> With "and" I don't see its optional.
>
> Again, just to understand the model: is per EV certificate amount is 
> NOT fixed whereas 12-month continuous amount is the only option ($5 mln.)?
>
> Thanks,
> M.D.
>
> On 7/26/2017 1:28 AM, Ben Wilson wrote:
>
>     All of the provisions would provide optional caps that CAs could
>     place on EV liability.  The 12-month $5 Million cap allows a CA to
>     cap all EV liability to all those EV certificates issued within a
>     single year.
>
>     *Ben Wilson, JD, CISA, CISSP*
>
>     VP Compliance
>
>     +1 801 701 9678
>
>     *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
>     *Sent:* Tuesday, July 25, 2017 4:24 PM
>     *To:* Ben Wilson <ben.wilson at digicert.com>
>     <mailto:ben.wilson at digicert.com>; CA/Browser Forum Public
>     Discussion List <public at cabforum.org> <mailto:public at cabforum.org>
>     *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>     Ok. Do I understand the intention correctly: to have a "floating
>     liability" amount per EV certificate and "fixed liability" amount
>     per continuous 12-month period?
>
>     Thanks,
>     M.D.
>
>     On 7/26/2017 1:10 AM, Ben Wilson wrote:
>
>         No. Because they MAY do both.  An “or” would mean that they
>         have to choose between the two, which isn’t the intent.
>
>         *Ben Wilson, JD, CISA, CISSP*
>
>         VP Compliance
>
>         +1 801 701 9678
>
>         *From:*Moudrick M. Dadashov [mailto:md at ssc.lt]
>         *Sent:* Tuesday, July 25, 2017 4:09 PM
>         *To:* Ben Wilson <ben.wilson at digicert.com>
>         <mailto:ben.wilson at digicert.com>; CA/Browser Forum Public
>         Discussion List <public at cabforum.org> <mailto:public at cabforum.org>
>         *Subject:* Re: [cabfpub] Pre-Ballot 209 EV Liability
>
>         Hi Ben,
>
>         could it be "or" between (1) and (2)?
>
>         Thanks,
>         M.D.
>
>         On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:
>
>             Here is another pre-ballot for discussion.
>
>             *Ballot 209 - EV Liability*
>
>             In Section 18 of the EV Guidelines, add the following
>             sentences to the end of the first paragraph:
>
>             Notwithstanding the foregoing, a CA MAY limit its
>             liability to Subscribers or Relying Parties for legally
>             recognized and provable claims to: (1) one hundred
>             thousand US dollars – aggregated across all claims,
>             Subscribers, and Relying Parties – per EV Certificate; and
>             (2) five million US dollars – aggregated across all
>             claims, Subscribers, and Relying Parties – for all EV
>             Certificates issued by the CA during any continuous
>             12-month period. These limitations are notwithstanding
>             anything in the Baseline Requirements purportedly to the
>             contrary.
>
>             Such that Section 18 of the EV Guidelines would read:
>
>             CAs MAY limit their liability as described in Section 9.8
>             of the Baseline Requirements except that a CA MAY NOT
>             limit its liability to Subscribers or Relying Parties for
>             legally recognized and provable claims to a monetary
>             amount less than two thousand US dollars per Subscriber or
>             Relying Party per EV Certificate. _Notwithstanding the
>             foregoing, a CA MAY limit its liability to Subscribers or
>             Relying Parties for legally recognized and provable claims
>             to: (1) one hundred thousand US dollars – aggregated
>             across all claims, Subscribers, and Relying Parties – per
>             EV Certificate; and (2) five million US dollars –
>             aggregated across all claims, Subscribers, and Relying
>             Parties – for all EV Certificates issued by the CA during
>             any continuous 12-month period. These limitations are
>             notwithstanding anything in the Baseline Requirements
>             purportedly to the contrary_.
>
>             A CA's indemnification obligations and a Root CA’s
>             obligations with respect to subordinate CAs are set forth
>             in Section 9.9 of the Baseline Requirements.
>
>             *Ben Wilson, JD, CISA, CISSP*
>
>             VP Compliance
>
>             +1 801 701 9678
>
>
>
>
>             _______________________________________________
>
>             Public mailing list
>
>             Public at cabforum.org <mailto:Public at cabforum.org>
>
>             https://cabforum.org/mailman/listinfo/public
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 6109 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0006.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 6018 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0007.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 5787 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0008.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 5867 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0009.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 5683 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0010.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 5782 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170726/41d27a2d/attachment-0011.jpe>

More information about the Public mailing list