Has anyone ever established a loss as a result of a mis-issued certificate?
The point of insurance is that an insurer is like an auditor except that they have skin in the game. An auditor rarely suffers as a result of a negligent audit. Arthur Andersen survived Sunbeam, DeLorean and numerous others before Enron sunk them. An insurer is required to back their assessment of risk with actual dollars. Nothing gives perfect security but insurance is a tool we need to learn how to use as an industry. From: Public [mailto:[email protected]] On Behalf Of Ryan Sleevi via Public Sent: Monday, October 23, 2017 11:26 AM To: Gervase Markham <[email protected]> Cc: CA/Browser Forum Public Discussion List <[email protected]>; Virginia Fournier <[email protected]> Subject: Re: [cabfpub] Limitation of Liability and Indemnification On Mon, Oct 23, 2017 at 10:54 AM, Gervase Markham <[email protected] <mailto:[email protected]> > wrote: On 23/10/17 14:55, Ryan Sleevi wrote: > I don't believe this is correct or supported by fact, Gerv, nor > supported by the limits of liability if you review CA's CP/CPS. I'm not sure what you mean. If you mean the limits I'm suggesting are currently not offered by CAs, well of course they aren't. No, I mean both with respect to the misissuance of EV (I can think of several CAs that have done so) and to the terms of claiming liability (I encourage you to read the CP/CPSes of those who have). I'm curious whether there has ever been a successful claim of liability. Certainly, the claims of insurance to date have been rejected. > We are very much opposed to increasing liability, and I'm surprised to > see Mozilla advocating it, given its past votes to abolish liability > requirements from EV given the practical challenges they face. Reminder? You mean Google sees CA liability for misissuance as a paper tiger? Ballot 141 - https://cabforum.org/2015/01/19/ballot-141-elimination-ev-insurance-requirement-financial-responsibility-mis-issued-certificates/ - and Ballot 142 - https://cabforum.org/2015/01/19/ballot-142-elimination-ev-insurance-requirement/
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
