[cabfpub] Limitation of Liability and Indemnification

Moudrick M. Dadashov md at ssc.lt
Thu Oct 12 22:42:33 UTC 2017


Actually I was not correct what RPs and Subscribers get is certificates 
that they must accept.

If they do, they are bound to CA's policy (CP/CPS) explicitly indicated 
in the certificate. Maybe the binding chain should look like this:

BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit 
report --> CP/CPS --> RPA/Subscriber Agreement --> Subscriber 
Certificate --> RP/Subscriber

Thanks,
M.D.

On 10/13/2017 1:21 AM, Virginia Fournier wrote:
> MD,
>
> If you can get the Relying Parties and Subscribers to sign the 
> agreement with the limitations of liability and indemnification in it, 
> then they are bound.  But the rest does not require them to agree to 
> those provisions.  It’s entirely up to the Relying Parties and 
> Subscribers to decide whether they accept those provisions or not.
>
> If you have any additional questions, you should discuss with your 
> counsel.
>
> Given that the limitations are not required, is there a need to 
> proceed with this ballot?
>
>
> Best regards,
>
> Virginia Fournier
> Senior Standards Counsel
>  Apple Inc.
> ☏ 669-227-9595
> ✉︎ vmf at apple.com <mailto:vmf at apple.com>
>
>
>
>
>
>
> On Oct 12, 2017, at 3:11 PM, Moudrick M. Dadashov <md at ssc.lt 
> <mailto:md at ssc.lt>> wrote:
>
> How about:
>
> BR/EVG --> Webtrust/ETSI schemes --> *Root Store schemes* --> Audit 
> report --> CP/CPS --> Binding RPA/Subscriber Agreement
>
> Thanks,
> M.D
>
> On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:
>>
>>
>> On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public 
>> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>>
>>     Message: 3
>>     Date: Fri, 13 Oct 2017 00:18:33 +0300
>>     From: "Moudrick M. Dadashov" <md at ssc.lt <mailto:md at ssc.lt>>
>>     To: Virginia Fournier via Public <public at cabforum.org
>>     <mailto:public at cabforum.org>>
>>     Subject: Re: [cabfpub] Limitation of Liability and Indemnification
>>     Message-ID: <3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt
>>     <mailto:3b9e4544-5b18-7535-c712-1cf544d7d8c5 at ssc.lt>>
>>     Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>>     Could you please explain why you think BR and EV Requirements are
>>     only
>>     binding on members of the Forum?
>>
>>     Thanks,
>>     M.D.
>>
>>     Hi M.D.
>>
>>     I can see why this would be hard to understand.
>>
>>     Entities who are not members of the Forum have nothing that would
>>     legally bind them to abide by those limitations.  They aren’t
>>     members, so they aren’t bound by any of the Forum documents -
>>     Bylaws, Baseline Requirements, etc. They don’t have a written
>>     agreement with the Forum to abide by certain requirements, so
>>     they’re not bound that way either.
>>
>>
>> Members of the Forum also aren't bound to abide by the Baseline 
>> Requirements.
>>
>> Given this, does that resolve your concern?
>>
>>     The best way to make the limitations binding on the Subscribers,
>>     Relying Parties, etc. would be for the CAs to enter into
>>     agreements with those parties, and try to get them to agree to
>>     the limitations.  But, again, they could just ignore the limitations.
>>
>>
>> Perhaps phrased differently - the BRs describe what such agreements 
>> MUST and SHOULD contain. This is allowing a further modification (a 
>> MAY) to such agreements. The enforcement and requirement that CAs 
>> agreements do or do not contain such provisions is done by the root 
>> stores that individual CAs partner with - not by the Forum.
>>
>> No member of the Forum is bound to abide by the Baseline Requirements 
>> by the Forum. The only document any member is bound to is to the IPR 
>> policy (as per the mutual contracts signed).
>>
>>
>>
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org
>> https://cabforum.org/mailman/listinfo/public
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20171013/8d4dbcc0/attachment-0003.html>


More information about the Public mailing list