And it should be an “and” or a “but”, but rephrased nevertheless.
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Ben Wilson
Sent: Tuesday, July 25, 2017 5:11 PM
To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Moudrick M. Dadashov <m...@ssc.lt>
Subject: RE: [cabfpub] Pre-Ballot 209 EV Liability

Never mind – I think I now see your point. Not “up to” it needs to be “not less than $5 million.” Would that make it clearer?

Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public
Sent: Tuesday, July 25, 2017 5:10 PM
To: Moudrick M. Dadashov <m...@ssc.lt>; CA/Browser Forum Public Discussion List <public@cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

It’s permissive – a CA MAY limit its liability. Maybe we should say “up to $5 million”. Then, would that be clearer - that it can be less than $5 million?

Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Moudrick M. Dadashov [mailto:m...@ssc.lt]
Sent: Tuesday, July 25, 2017 4:35 PM
To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

With "and" I don't see it's optional. Again, just to understand the model: is per EV certificate amount NOT fixed whereas 12-month continuous amount is the only option ($5 mln.)?

Thanks,
M.D.

On 7/26/2017 1:28 AM, Ben Wilson wrote:

All of the provisions would provide optional caps that CAs could place on EV liability. The 12-month $5 Million cap allows a CA to cap all EV liability to all those EV certificates issued within a single year.

Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Moudrick M. Dadashov [mailto:m...@ssc.lt]
Sent: Tuesday, July 25, 2017 4:24 PM
To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

Ok. Do I understand the intention correctly: to have a "floating liability" amount per EV certificate and "fixed liability" amount per continuous 12-month period?

Thanks,
M.D.

On 7/26/2017 1:10 AM, Ben Wilson wrote:

No. Because they MAY do both. An “or” would mean that they have to choose between the two, which isn’t the intent.

Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

From: Moudrick M. Dadashov [mailto:m...@ssc.lt]
Sent: Tuesday, July 25, 2017 4:09 PM
To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>
Subject: Re: [cabfpub] Pre-Ballot 209 EV Liability

Hi Ben, could it be "or" between (1) and (2)?

Thanks,
M.D.

On 7/25/2017 11:59 PM, Ben Wilson via Public wrote:

Here is another pre-ballot for discussion.

Ballot 209 - EV Liability

In Section 18 of the EV Guidelines, add the following sentences to the end of the first paragraph:

Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary.

Such that Section 18 of the EV Guidelines would read:

CAs MAY limit their liability as described in Section 9.8 of the Baseline Requirements except that a CA MAY NOT limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to a monetary amount less than two thousand US dollars per Subscriber or Relying Party per EV Certificate. Notwithstanding the foregoing, a CA MAY limit its liability to Subscribers or Relying Parties for legally recognized and provable claims to: (1) one hundred thousand US dollars – aggregated across all claims, Subscribers, and Relying Parties – per EV Certificate; and (2) five million US dollars – aggregated across all claims, Subscribers, and Relying Parties – for all EV Certificates issued by the CA during any continuous 12-month period. These limitations are notwithstanding anything in the Baseline Requirements purportedly to the contrary. A CA's indemnification obligations and a Root CA’s obligations with respect to subordinate CAs are set forth in Section 9.9 of the Baseline Requirements.

Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678

_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public