Virginia,

As Ryan stated, this requirement is about constraining the liability limits 
that CAs are allowed to place in their SA/RPA(s). If the CA isn’t permitted to 
enter into an agreement with a liability limit lower than what is specified by 
the CA/B Forum and enforced by the root programs via audits, then I fail to see 
how these limitations ‘are not required’?

Thanks,

Wayne

From: Public <[email protected]> on behalf of Virginia Fournier via 
Public <[email protected]>
Reply-To: Virginia Fournier <[email protected]>, CA/Browser Forum Public 
Discussion List <[email protected]>
Date: Thursday, October 12, 2017 at 3:21 PM
To: "Moudrick M. Dadashov" <[email protected]>
Cc: CA/Browser Forum Public Discussion List <[email protected]>
Subject: Re: [cabfpub] Limitation of Liability and Indemnification

MD,

If you can get the Relying Parties and Subscribers to sign the agreement with 
the limitations of liability and indemnification in it, then they are bound.  
But the rest does not require them to agree to those provisions.  It’s entirely 
up to the Relying Parties and Subscribers to decide whether they accept those 
provisions or not.

If you have any additional questions, you should discuss with your counsel.

Given that the limitations are not required, is there a need to proceed with 
this ballot?




Best regards,

Virginia Fournier
Senior Standards Counsel
Apple Inc.
☏ 669-227-9595
✉︎ [email protected]<mailto:[email protected]>





On Oct 12, 2017, at 3:11 PM, Moudrick M. Dadashov 
<[email protected]<mailto:[email protected]>> wrote:

How about:

BR/EVG --> Webtrust/ETSI schemes --> Root Store schemes --> Audit report --> 
CP/CPS --> Binding RPA/Subscriber Agreement

Thanks,
M.D
On 10/13/2017 12:58 AM, Ryan Sleevi via Public wrote:


On Thu, Oct 12, 2017 at 5:38 PM, Virginia Fournier via Public 
<[email protected]<mailto:[email protected]>> wrote:
Message: 3
Date: Fri, 13 Oct 2017 00:18:33 +0300
From: "Moudrick M. Dadashov" <[email protected]<mailto:[email protected]>>
To: Virginia Fournier via Public 
<[email protected]<mailto:[email protected]>>
Subject: Re: [cabfpub] Limitation of Liability and Indemnification
Message-ID: 
<[email protected]<mailto:[email protected]>>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

Could you please explain why you think BR and EV Requirements are only
binding on members of the Forum?

Thanks,
M.D.

Hi M.D.

I can see why this would be hard to understand.

Entities who are not members of the Forum have nothing that would legally bind 
them to abide by those limitations.  They aren’t members, so they aren’t bound 
by any of the Forum documents - Bylaws, Baseline Requirements, etc.  They don’t 
have a written agreement with the Forum to abide by certain requirements, so 
they’re not bound that way either.

Members of the Forum also aren't bound to abide by the Baseline Requirements.

Given this, does that resolve your concern?

The best way to make the limitations binding on the Subscribers, Relying 
Parties, etc. would be for the CAs to enter into agreements with those parties, 
and try to get them to agree to the limitations.  But, again, they could just 
ignore the limitations.

Perhaps phrased differently - the BRs describe what such agreements MUST and 
SHOULD contain. This is allowing a further modification (a MAY) to such 
agreements. The enforcement and requirement that CAs' agreements do or do not 
contain such provisions is done by the root stores that individual CAs partner 
with - not by the Forum.

No member of the Forum is bound to abide by the Baseline Requirements by the 
Forum. The only document any member is bound to is the IPR policy (as per 
the mutual contracts signed).





_______________________________________________

Public mailing list

[email protected]<mailto:[email protected]>

https://cabforum.org/mailman/listinfo/public

