On 22/10/17 00:12, Kirk Hall via Public wrote: > The draft ballot continues to allow a CA to limit liability for a bad EV > cert to $2,000 per subscriber or relying party, but ALSO allows the CA > to limit aggregate liability from all claims from a single bad EV cert > to $100,000
I can see why a CA might want this to make it easier to get insurance, as the liability is not unlimited. But the $100,000 figure in particular seems low to me. In fact, as does the $2,000 per subscriber. If someone has suffered significant harm, why should they not be able to claim more than $2,000? I'd like to see figures like: Per-subscriber: $50,000 Per-cert: $1M Per-incident: $5M This still leaves the same per-incident cap, and so the same theoretical maximum. EV is supposed to be a solid, validated cert. In 10 years we have, AFAIK, had no confirmed cases of misissuance. The amounts available should reflect CAs' confidence in the vetting. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
