Fishing
Store Extras
|
 VeriSign Relying Party Agreement
YOU MUST READ THIS RELYING PARTY AGREEMENT ("AGREEMENT") BEFORE VALIDATING A VERISIGN TRUST NETWORKSM DIGITAL CERTIFICATE ("CERTIFICATE"), USING VERISIGN'S ONLINE CERTIFICATE STATUS PROTOCOL ("OCSP") SERVICES, OR OTHERWISE ACCESSING OR USING A VERISIGN OR VERISIGN AFFILIATE DATABASE OF CERTIFICATE REVOCATIONS AND OTHER INFORMATION ("REPOSITORY") OR ANY CERTIFICATE REVOCATION LIST ISSUED BY VERISIGN, INC. ("VERISIGN CRL"). IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT SUBMIT A QUERY AND DO NOT DOWNLOAD, ACCESS, OR USE ANY VERISIGN CRL BECAUSE YOU ARE NOT AUTHORIZED TO USE VERISIGN'S REPOSITORY OR ANY VERISIGN CRL. IN CONSIDERATION OF YOU AGREEING TO THE TERMS OF THIS RELYING PARTY AGREEMENT, YOU SHALL BE PERMITTED TO RELY ON CERTIFICATES ACCESSED BY YOU IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT.
1. Background. This Agreement becomes effective when you submit a query to search for a Certificate, or to verify a digital signature created with a private key corresponding to a public key contained in a Certificate, by downloading a VeriSign CRL, or when you otherwise use or rely upon any information or services provided by VeriSign's Repository, VeriSign's website, or any VeriSign CRL, or when you use VeriSign's OCSP services. Relying Party Agreements in force within VeriSign's subdomain of the VTN appear in the Repository at http://www.verisign.com/repository.
2. Definitions. The capitalized terms used in this Agreement shall have the following meanings unless otherwise specified:
"Certificate" shall mean a digitally signed message that contains a Subscriber's public key and associates it with information authenticated by VeriSign or a VeriSign-authorized entity
"Certificate Applicant" shall mean an individual or organization that requests the issuance of a Certificate by a Certification Authority.
"Certificate Chain" shall mean an ordered list of Certificates containing an end-user Subscriber Certificate and CA Certificates, which terminates in a root Certificate.
"Certification Authority" ("CA") shall mean an entity authorized to issue, manage, revoke, and renew Certificates in the VTN.
"Nonverified Subscriber Information" means any information submitted by a Certificate Applicant to a CA or RA, and included within a Certificate, that has not been confirmed by the CA or RA and for which the applicable CA and RA provide no assurances other than that the information was submitted by the Certificate Applicant.
"Registration Authority" ("RA") shall mean an entity approved by a CA to assist Certificate Applicants in applying for Certificates, and to approve or reject Certificate Applications, revoke Certificates, or renew Certificates.
"Relying Party" shall mean an individual or organization that acts in reliance on a Certificate or a digital signature.
"Repository" shall mean a portion of the VeriSign website where Relying Parties, Subscribers, and the general public can obtain copies of VeriSign literature, including but not limited to, the VeriSign CPS, Subscriber Agreements, whitepapers, and CRLs.
"Subscriber" shall mean a person who is the subject of and has been issued a Certificate.
"Subscriber Agreement" shall mean an agreement used by a CA or RA setting forth the terms and conditions under which an individual or organization acts as a Subscriber.
"VeriSign CPS" shall mean the VeriSign Certification Practice Statement, as amended from time to time, which may be accessed from http://www.verisign.com/repository/CPS/.
"VeriSign Trust NetworkSM" ("VTN") shall mean the VeriSign Trust Network that is a global public key infrastructure that provides Certificates for both wired and wireless applications.
3. Sufficient Information. You acknowledge and agree that you have access to sufficient information to ensure that you can make an informed decision as to the extent to which you will choose to rely on the information in a Certificate. You acknowledge and agree that your use of the Repository, your use of any VeriSign CRL, and your use of VeriSign's OCSP services are governed by this Agreement and the VeriSign CPS. YOU ARE SOLELY RESPONSIBLE FOR DECIDING WHETHER OR NOT TO RELY ON THE INFORMATION IN A CERTIFICATE. You also acknowledge and agree that you shall bear the legal consequences of your failure to comply with the Relying Party obligations set forth in this Agreement.
4. VTN Certificates. The Certificates relied upon in accordance with this Agreement are issued within the VTN. The VTN is a global public key infrastructure that provides Certificates for both wired and wireless applications. VeriSign is one of the service providers within the VTN, together with a global network of affiliates and partners throughout the world. The VTN and VeriSign under this Agreement offer three distinct classes ("Classes") of certification services, Classes 1-3, for both the wired and wireless Internet and other networks. Each level, or class, of Certificate provides specific functionality and security features and corresponds to a specific level of trust. The following subsections state the appropriate uses and authentication procedures for each Class of Certificate.
(i) Class 1 Certificates. Class 1 Certificates offer the lowest level of assurances within the VTN. The Certificates are issued to individual Subscribers only, and authentication procedures are based on assurances that the Subscriber's distinguished name is unique and unambiguous within the domain of a particular CA and that a certain e-mail address is associated with a public key. Class 1 Certificates are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is unnecessary.
(ii) Class 2 Certificates. Class 2 Certificates offer a medium level of assurances in comparison with the other two Classes. Again, they are issued to individual Subscribers only. In addition to the Class 1 authentication procedures, Class 2 authentication includes procedures based on a comparison of information submitted by the certificate applicant against information in business records or databases or the database of a VeriSign-approved identity proofing service. They can be used for digital signatures, encryption, and access control, including as proof of identity in medium-value transactions.
(iii) Class 3 Certificates. Class 3 Certificates provide the highest level of assurances within the VTN. Class 3 Certificates are issued to individuals and organizations for use with both client and server software. Class 3 individual Certificates may be used for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. Class 3 individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber before a person that confirms the identity of the Subscriber using, at a minimum, a well-recognized form of government-issued identification and one other identification credential. Class 3 organizational Certificates are issued to devices to provide authentication; message, software, and content integrity and signing; and confidentiality encryption. Class 3 organizational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organization does in fact exist, that the organization has authorized the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorized to do so. Class 3 organizational Certificates for servers also provide assurances that the Subscriber is entitled to use the domain name listed in the Certificate Application, if a domain name is listed in such Certificate Application.
5. Your Obligations. As a Relying Party, you are obligated to:
(i) independently assess the appropriateness of the use of a Certificate for any given purpose and determine that the Certificate will, in fact, be used for an appropriate purpose;
(ii) utilize the appropriate software and/or hardware to perform digital signature verification or other cryptographic operations you wish to perform, as a condition of relying on a Certificate in connection with each such operation. Such operations include identifying a Certificate Chain and verifying the digital signatures on all Certificates in the Certificate Chain. You agree that you will not rely on a Certificate unless these verification procedures are successful;
(iii) check the status of a Certificate on which you wish to rely, as well as all the Certificates in its Certificate Chain. If any of the Certificates in the Certificate Chain have been revoked, you agree that that you will not rely on the end-user Subscriber Certificate or other revoked Certificate in the Certificate Chain; and
(iv) rely on the Certificate, if all of the checks described in the previous paragraphs are successful, provided that reliance upon the Certificate is reasonable under the circumstances and in light of Section 3 of this Agreement. If the circumstances do, or reasonably ought to, indicate a need for additional assurances, it is your responsibility to obtain such assurances for such reliance to be deemed reasonable.
6. Limitations on Use. Certificates issued under the VTN are not designed, intended, or authorized for use or resale as control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage. Class 1 Certificates shall not be used as proof of identity or as support of non-repudiation of identity or authority. VeriSign, and its CAs and RAs are not responsible for assessing the appropriateness of the use of a Certificate. You agree as a Relying Party that Certificates will not be used or relied upon by you beyond the limitations set forth in this Agreement.
7. Compromise of VTN Security. You agree that you shall not monitor, interfere with, or reverse engineer the technical implementation of the VTN (save to the extent that you cannot be prohibited from so doing under applicable law), except upon prior written approval from VeriSign, and shall not otherwise intentionally compromise the security of the VTN.
8. Effect of a Certificate. You acknowledge and agree, to the extent permitted by applicable law, that where a transaction is required to be in writing, a message or other record bearing a digital signature verifiable with reference to a Certificate is valid, effective, and enforceable to an extent no less than had the same message or record been written and signed on paper. Subject to applicable law, a digital signature or transaction entered into with reference to a Certificate shall be effective regardless of the geographic location where the Certificate is issued or the digital signature created or used, and regardless of the geographic location of the place of business of the CA or Subscriber.
9. VeriSign Warranties. VeriSign warrants to Relying Parties who reasonably rely on a Certificate (i) that all information in or incorporated by reference in the Certificate, except for Nonverified Subscriber Information, is accurate; (ii) that Certificates appearing in the Repository have been issued to the individual or organization named in the Certificate as the Subscriber, and the Subscriber has accepted the Certificate by downloading it from a website or via an email message sent to the Subscriber containing the Certificate; and (iii) the entities that approved the Certificate Application and issued the Certificate have substantially complied with the VeriSign CPS when issuing the Certificate.
10. Disclaimers. YOU AGREE THAT YOUR USE OF VERISIGN'S SERVICE(S) IS SOLELY AT YOUR OWN RISK. YOU AGREE THAT ALL SUCH SERVICES ARE PROVIDED ON AN "AS IS" AND AS AVAILABLE BASIS, EXCEPT AS OTHERWISE NOTED IN THIS AGREEMENT. VERISIGN EXPRESSLY DISCLAIMS ALL WARRANTIES, TERMS, CONDITIONS AND REPRESENTATIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, BUT NOT LIMITED TO THOSE OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. OTHER THAN THE WARRANTIES AS SET FORTH IN SECTION 9, VERISIGN DOES NOT MAKE ANY WARRANTY, TERM, CONDITION OR REPRESENTATION THAT THE SERVICE WILL MEET YOUR REQUIRMENTS, OR THAT THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR FREE; NOR DOES VERISIGN MAKE ANY WARRANTY, TERM, CONDITION OR REPRESENTATION AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE OR TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED THROUGH THE SERVICE. YOU UNDERSTAND AND AGREE THAT ANY MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF VERISIGN'S SERVICES IS DONE AT YOUR OWN DISCRETION AND RISK. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM VERISIGN OR THROUGH VERISIGN'S SERVICES SHALL CREATE ANY WARRANTY, TERM, CONDITION OR REPRESENTATION, UNLESS IT IS EXPRESSLY MADE HEREIN. TO THE EXTENT APPLICABLE JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, TERMS, CONDITIONS OR REPRESENTATIONS, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. VERISIGN IS NOT RESPONSIBLE FOR AND SHALL HAVE NO LIABILITY WITH RESPECT TO ANY PRODUCTS AND/OR SERVICES PURCHASED BY YOU FROM A THIRD PARTY.
11. Indemnification. You agree to release, indemnify, defend and hold harmless VeriSign and any non-VeriSign CAs or RAs, and any of their respective contractors, agents, employees, officers, directors, shareholders, affiliates and assigns from all liabilities, claims, damages, costs and expenses, including reasonable attorney's fees and expenses, of third parties relating to or arising out of (i) your failure to perform the obligations of a Relying Party in accordance with this Agreement, (ii) your reliance on a Certificate that is not reasonable under the circumstances, or (iii) your failure to check the status of a Certificate to determine if the Certificate is expired or revoked. When VeriSign is threatened with suit or sued by a third party, VeriSign may seek written assurances from you concerning your promise to indemnify VeriSign, your failure to provide those assurances may be considered by VeriSign to be a material breach of this Agreement. VeriSign shall have the right to participate in any defense by you of a third-party claim related to your use of any VeriSign services, with counsel of our choice at your own expense. You shall have sole responsibility to defend VeriSign against any claim, but you must receive VeriSign's prior written consent regarding any related settlement. The terms of this Section 11 will survive any termination or cancellation of this Agreement.
12. Limitations of Liability. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, NOTHING IN THIS AGREEMENT SHALL LIMIT VERISIGN'S LIABILITY FOR FRAUD OR FOR DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE. THIS SECTION 12 APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM. IF YOU INITIATE ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING RELATING TO SERVICES PROVIDED UNDER THIS AGREEMENT, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN'S TOTAL LIABILITY FOR DAMAGES SUSTAINED BY YOU AND ANY THIRD PARTY FOR ANY AND ALL USE OR RELIANCE ON A SPECIFIC CERTIFICATE SHALL BE LIMITED, IN THE AGGREGATE, TO THE AMOUNTS SET FORTH BELOW.
Class Liability Caps
Class 1 One Hundred U.S. Dollars (US $100.00) (or the local currency equivalent thereof)
Class 2 Five Thousand U.S. Dollars (US $5,000.00) (or the local currency equivalent thereof)
Class 3 One Hundred Thousand U.S. Dollars (US $100,000.00) (or the local currency equivalent thereof)
Subject to the provisions of this Agreement, the liability limitations provided in this Section 12 shall be the same regardless of the number of digital signatures, transactions, or claims related to such Certificate. Subject to the provisions of this Agreement, and for the avoidance of doubt, VeriSign SHALL NOT be obligated to pay any Relying Party more than the total liability limitation for each Certificate that is relied upon.
13. Protection of Private Key. YOU ARE HEREBY NOTIFIED OF THE POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING TO A PUBLIC KEY CONTAINED IN A CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED, AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL SIGNATURE TO A DOCUMENT.
14. Governing Law. The parties agree that any disputes related to the services provided under this Agreement shall be governed in all respects by and construed in accordance with the laws of the State of California, United States of America, excluding its conflict of laws rules.
15. Dispute Resolution. To the extent permitted by law, before you may invoke any dispute resolution mechanism with respect to a dispute involving any aspect of this Agreement, you shall notify VeriSign, and any other party to the dispute for the purpose of seeking dispute resolution. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may proceed in accordance with the following:
(i) When each party to the dispute is a Canadian or U.S. resident or organization situated or doing business in Canada or the United States. All suits to enforce any provision of this Agreement or arising in connection with this Agreement shall be brought in the United States District Court for the Northern District of California or the Superior or Municipal Court in and for the County of Santa Clara, California, U.S.A. The parties agree that such courts shall have exclusive in personam jurisdiction and venue and submit to the exclusive in personam jurisdiction and venue of such courts. The parties further waive any right to a jury trial regarding any action brought in connection with this Agreement.
(ii) Where one or more parties to the dispute is not a Canadian or U.S. resident or organization situated or doing business in Canada or the United States. All disputes arising in connection with this Agreement shall be finally settled under the Rules of Conciliation and Arbitration of the International Chamber of Commerce (ICC) as modified as necessary to reflect the provisions herein by one or more arbitrators. The place of arbitration shall be in Zurich in Switzerland, and the proceedings shall be conducted in English. In cases involving a single arbiter, that single arbiter shall be appointed by mutual agreement of the parties. If the parties fail to agree to an arbiter within fifteen (15) days, the ICC shall choose an arbiter knowledgeable in computer software law, information security and cryptography or otherwise having special qualifications in the field, such as a lawyer, academician, or judge in common law jurisdiction. Nothing in this Agreement will be deemed as preventing either party from seeking injunctive relief (or any other provisional remedy) from any court having jurisdiction over the parities and the subject matter of this dispute as is necessary to protect either party's name, proprietary information, trade secret, know-how, or, or any other intellectual property rights.
16. Severability. If any provision of this Agreement, or the application thereof, is for any reason and to any extent found to be invalid or unenforceable, the remainder of this Agreement (and the application of the invalid or unenforceable provision to other persons or circumstances) shall not be affected by such finding of invalidity or unenforceability, and shall be interpreted in a manner that shall reasonably carry out the intent of the parties.
17. Force Majeure. Except for indemnity obligations hereunder, neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed conflict, terrorist action, labor strike, lockout, boycott or other matter outside its reasonable control, provided that the party relying upon this Section 17 shall (i) have given the other party written notice thereof promptly and, where reasonably possible, in any event, within five (5) days of discovery thereof and (ii) shall take all reasonable steps reasonably necessary under the circumstances to mitigate the effects of the force majeure event upon which such notice is based; provided further, that in the event a force majeure event described in this Section 17 extends for a period in excess of thirty (30) days in aggregate, the other party may immediately terminate this Agreement.
18. Survival. This Agreement shall be applicable for as long as you rely on a Certificate, use the OCSP service, access or use the VeriSign database of CRL information and in any matter of respect concerning the subject matter of this Agreement.
19. Non-Assignment. Except as otherwise set forth herein, your rights under this Agreement are not assignable or transferable. Any attempt by your creditors to obtain an interest in your rights under this Agreement, whether by attachment, levy, garnishment or otherwise, renders this Agreement voidable at VeriSign's option.
20. Independent Contractors. The parties to this Agreement are independent contractors. Neither party is an agent, representative, or partner of the other party. Neither party shall have any right, power or authority to enter into any agreement for or on behalf of, or incur any obligation or liability of, or to otherwise bind, the other party. This Agreement shall not be interpreted or construed to create an association, joint venture or partnership between the parties or to impose any partnership obligation or liability upon either party. Each party shall bear its own costs and expenses in performing this Agreement.
21. Notices. You will make all notices, demands or requests to VeriSign with respect to this Agreement in writing to: Attn: General Counsel, VeriSign, Inc., 487 East Middlefield Road, Mountain View, California, USA 94043.
22. Entire Agreement. This Agreement constitutes the entire understanding and agreement between VeriSign and you with respect to the transactions contemplated, and supersedes any and all prior or contemporaneous oral or written representation, understanding, agreement or communication between VeriSign and you concerning the subject matter hereof. Neither party is relying upon any warranties, representations, assurances or inducements not expressly set forth herein and neither party shall have any liability in relation to any representation or other assurance not expressly set forth herein, unless it was made fraudulently. Section headings are inserted for convenience of reference only and are not intended to be part of or to affect the meaning this Agreement. Terms and conditions in any purchase orders that are not included in this Agreement or that conflict with this Agreement are null and void.
VeriSign Relying Party Agreement Version 2.3
| |
