Repository - VeriSign Relying Party Agreement

YOU MUST READ THIS RELYING PARTY AGREEMENT ("AGREEMENT") BEFORE VALIDATING A VERISIGN CERTIFICATE, USING VERISIGN'S ONLINE CERTIFICATE STATUS PROTOCOL ("OCSP") SERVICES, ACCESSING OR USING A VERISIGN OR VERISIGN AFFILIATE DATABASE OF CERTIFICATE REVOCATIONS OR RELYING ON ANY VERISIGN CERTIFICATE-RELATED INFORMATION (COLLECTIVELY, "VERISIGN INFORMATION”). IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT SUBMIT A QUERY AND DO NOT DOWNLOAD, ACCESS, OR RELY ON ANY VERISIGN INFORMATION. IN CONSIDERATION OF YOUR AGREEMENT TO THESE TERMS, YOU ARE ENTITLED TO USE VERISIGN INFORMATION AS SET FORTH HEREIN.

1. Term of Agreement. This Agreement becomes effective when you submit a query to search for a VeriSign Certificate, or rely on any VeriSign Information in the manner set forth in the preamble above. This Agreement shall be applicable for as long as you use and/or rely on such VeriSign Information.

2. Definitions.

"Certificate" or “Digital Certificate” means a message that, at least, states a name or identifies the issuing CA, identifies the Subscriber, contains the Subscriber's public key, identifies the Certificate’s validity period, contains a Certificate serial number, and contains a digital signature of the issuing CA.

"Certificate Applicant" means an individual or organisation that requests the issuance of a Certificate by a Certification Authority.

"Certification Authority" or "CA" means an entity authorised to issue, suspend, or revoke Certificates. For purposes of this Agreement, CA shall mean VeriSign.

“Certification Practice Statement” or “CPS” means a document, as revised from time to time, representing a statement of practices a CA employs in issuing Certificates. VeriSign’s CPS is published at www.verisign.com/repository/cps.

"Non-verified Subscriber Information" means any information submitted by a Certificate Applicant, and included within a Certificate, that has not been confirmed by the CA or RA and for which the applicable CA and RA provide no assurances other than that the information was submitted by the Certificate Applicant.

"Registration Authority" or "RA" means an entity approved by a CA to assist Certificate Applicants in applying for, approving, rejecting, or revoking Certificates.

"Relying Party" means an individual or organisation that acts in reliance on a Certificate.

"Repository" means the collection of documents located at the link for the repository which may be accessed from the website where the Certificate was issued.

"Subscriber" means a person, organisation, or entity who is the subject of and has been issued a Certificate, and is capable of using, and is authorised to use, the private key that corresponds to the public key listed in the Certificate at issue.

"VeriSign Trust Network" or "VTN" means the Certificate-based public key infrastructure governed by the VeriSign Trust Network certificate policies, which enables the worldwide deployment and use of Certificates by VeriSign, its affiliates, their respective customers, Subscribers and Relying Parties.

3. Informed Decision. You acknowledge and agree that: (i) you have sufficient information to make an informed decision as to the extent to which you choose to rely on the information in a Certificate; (ii) your use or reliance of any VeriSign Information is governed by this Agreement and you shall bear the legal consequences of your failure to comply with the obligations contained herein. YOU ARE SOLELY RESPONSIBLE FOR DECIDING WHETHER OR NOT TO RELY ON THE INFORMATION IN A CERTIFICATE.

4. Certificates. VeriSign offers three distinct classes of certificate services, with each class providing specific functionality and security features corresponding to a specific level of trust within the VTN:

    (i) Class 1 Certificates. Class 1 Certificates offer the lowest level of assurance and should not be used for authentication purposes or to support non-repudiation. These Certificates are issued to individuals, and authentication procedures are based on assurances that the Subscriber's distinguished name is unique within the domain of a particular CA and that a certain e-mail address is associated with a public key. These certificates do not provide proof of the identity of the Subscriber. Class 1 Certificates are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is not necessary.

    (ii) Class 2 Certificates. Class 2 Certificates offer a medium level of assurance in comparison with the other two classes. Class 2 authentication includes verification of information submitted by the Certificate Applicant against identity proofing sources. Class 2 Certificates can be used for digital signatures, encryption, and access control, including as proof of identity in medium-value transactions. Under limited circumstances, Class 2 Certificates may be issued to an organisational Subscriber (rather than an individual within the organisation). Such Certificates may be used for organisation authentication and application signing only under the terms of the VeriSign CPS.

    (iii) Class 3 Certificates. Class 3 Certificates provide the highest level of assurances within the VTN. Class 3 Certificates are issued to individuals and organisations for digital signatures, encryption, and access control, including as proof of identity, in high-value transactions. Class 3 individual Certificates provide assurances of the identity of the Subscriber based on the personal (physical) presence of the Subscriber to confirm his or her identity using, at a minimum, a well-recognised form of government-issued identification and one other identification credential. Class 3 organisational Certificates may be issued to devices to provide authentication; message, software, and content integrity; and confidentiality through encryption. Class 3 organisational Certificates provide assurances of the identity of the Subscriber based on a confirmation that the Subscriber organisation does in fact exist, that the organisation has requested the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorised to do so. Class 3 organisational Certificates also provide assurances that the Subscriber is entitled to use the domain name listed in the Certificate Application.

5. Your Obligations. As a Relying Party, you are obligated to ensure the reasonableness of your reliance on any VeriSign Information by: (i) assessing whether the use of a Certificate for any given purpose is appropriate under the circumstances; (ii) utilising the appropriate software and/or hardware to perform digital signature verification or other cryptographic operations you wish to perform, as a condition of relying on a Certificate in connection with each such operation; and (iii) checking the status of a Certificate you wish to rely on, as well as the validity of all the Certificates in its chain.

6. Limitations on Use. YOU ARE HEREBY NOTIFIED OF THE POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING TO A PUBLIC KEY CONTAINED IN A CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED, AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL SIGNATURE. Further, VeriSign Certificates are not designed, intended, or authorised for use as control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage. Class 1 Certificates shall not be used as proof of identity or as support of non-repudiation of identity or authority. VeriSign, its CAs, and RAs are not responsible for assessing the appropriateness of the use of a Certificate.

7. Compromise of VTN Security. You shall not monitor, interfere with, or reverse engineer the technical implementation of the VTN or otherwise intentionally compromise the security of the VTN (unless you cannot be prohibited from so doing under applicable law), except upon prior written approval from VeriSign.

8. VeriSign Warranties. VeriSign warrants to Relying Parties who reasonably rely on a Certificate that (i) all information in the Certificate, except for Non-verified Subscriber Information, is accurate as of the date of Certificate issuance; (ii) Certificates appearing in the Repository have been issued to the individual, organisation, or device named in the Certificate as the Subscriber; and (iii) the Certificate was issued in substantial compliance with the VeriSign CPS.

9. Disclaimers of Warranties. EXCEPT FOR THE EXPRESS LIMITED WARRANTIES CONTAINED IN SECTION 8, VERISIGN DISCLAIMS ALL OTHER WARRANTIES, TERMS OR CONDITIONS, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, THOSE OF SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSES, SATISFACTION OF CUSTOMER REQUIREMENTS, NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF A COURSE OF PERFORMANCE, DEALING OR TRADE USAGE. TO THE EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN REPRESENTATIONS, TERMS OR CONDITIONS, WARRANTIES OR GUARANTEES, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

10. Indemnity. You agree to indemnify, defend and hold harmless VeriSign, any non-VeriSign CA or RA, and any of their respective directors, shareholders, officers, agents, employees, successors and assigns from any and all third party claims, proceedings, judgments, damages, and costs (including reasonable legal fees and expenses) arising from (i) your failure to perform the obligations of a Relying Party in accordance with this Agreement, (ii) your reliance on a Certificate that is not reasonable under the circumstances, or (iii) your failure to check the status of a Certificate to determine if the Certificate is expired or revoked. VeriSign shall promptly notify you of any such claim, and you shall bear full responsibility for the defence of such claim (including any settlements); provided however, that (a) you keep VeriSign informed of, and consult with VeriSign in connection with the progress of such litigation or settlement; (b) you shall not have any right, without VeriSign’s written consent, which consent shall not be unreasonably withheld, to settle any such claim if such settlement arises from or is part of any criminal action, claim or proceeding or contains a stipulation to or admission or acknowledgement of, any liability or wrongdoing (whether in contract, tort, or otherwise) on the part of VeriSign, or requires any specific performance or non-pecuniary remedy by VeriSign; and (c) VeriSign shall have the right to participate in the defence of a claim with legal counsel of its choice at its own expense. The terms of this Section 10 will survive any termination of this Agreement.

11. Limitations of Liability.

11.1 THIS SECTION 11 APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE AND/OR STRICT LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.

11.2 IF YOU INITIATE ANY CLAIM, ACTION, ARBITRATION, OR OTHER PROCEEDING RELATING TO THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN SHALL NOT BE LIABLE FOR (I) ANY LOSS OF PROFIT, BUSINESS, CONTRACTS, REVENUE OR ANTICIPATED SAVINGS, OR (II) ANY INDIRECT OR CONSEQUENTIAL LOSS.

11.3 VERISIGN'S TOTAL LIABILITY FOR ALL DAMAGES SUSTAINED BY ALL RELYING PARTIES CONCERNING A SPECIFIC CERTIFICATE (OTHER THAN AN EXTENDED VALIDATION CERTIFICATE) SHALL BE DETERMINED ACCORDING TO THE CLASS OF THE CERTIFICATE RELIED UPON AND LIMITED, IN THE AGGREGATE, TO THE AMOUNT SET FORTH BELOW.

Class	Liability Cap
Class 1	One Hundred U.S. Dollars (US $100.00) (or the local currency equivalent thereof)
Class 2	Five Thousand U.S. Dollars (US $5,000.00) (or the local currency equivalent thereof)
Class 3	One Hundred Thousand U.S. Dollars (US $100,000.00) (or the local currency equivalent thereof)

THE LIABILITY LIMITATIONS PROVIDED IN THIS SUBSECTION 11.3 SHALL BE THE SAME REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS, OR CLAIMS RELATED TO SUCH CERTIFICATE.

11.4 THIS SUBSECTION 11.4 APPLIES TO VERISIGN SSL CERTIFICATES WITH EXTENDED VALIDATION ONLY: IF VERISIGN FAILED TO ISSUE THE EXTENDED VALIDATION CERTIFICATE IN COMPLETE COMPLIANCE WITH THE EXTENDED VALIDATION GUIDELINES, THEN VERISIGN’S LIABILITY FOR LEGALLY RECOGNISED AND PROVEN CLAIMS SHALL BE LIMITED TO USD$2000 PER RELYING PARTY PER CERTIFICATE.

11.5 NOTWITHSTANDING THE FOREGOING, VERISIGN’S LIABILITY SHALL NOT BE LIMITED UNDER THIS SECTION 11 IN CASES OF PERSONAL INJURY OR DEATH ARISING FROM VERISIGN’S NEGLIGENCE OR TO ANY OTHER LABILITY WHICH CANNOT BE EXCLUDED BY APPLICABLE LAW (INCLUDING MANDATORY LAWS OF ANY APPLICABLE JURISDICTION). TO THE EXTEND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN LIABILITY LIMITATIONS, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

12. Force Majeure. Neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder (excluding payment obligations) due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed terrorism, armed conflict, labour strike, lockout, boycott or other similar events beyond the reasonable control of such party, provided that the party relying upon this Section 12 (i) gives prompt written notice thereof; (ii) takes all steps reasonably necessary to mitigate the effects of the force majeure event; provided further, that in the event a force majeure event extends for a period in excess of thirty (30) days in the aggregate, either party may immediately terminate this Agreement upon written notice.

13. Severability. If any provision of this Agreement should be found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validty, legality and enforceability of the remaining provisions contained shall not, in any way, be affected or impaired thereby.

14. Governing Law. Any disputes related to this Agreement shall be governed in all respects by and construed in accordance with the laws of the Commonwealth of Virginia, United States of America, excluding its conflict of laws rules.

15. Dispute Resolution. To the extent permitted by law, before you invoke any dispute resolution mechanism with respect to a dispute involving any aspect of this Agreement, you shall notify VeriSign, and any other party to the dispute for the purpose of seeking resolution. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may proceed in accordance with the following:

(i) When each party to the dispute is a Canadian or U.S. resident or organisation situated or doing business in Canada or the United States. All claims arising in connection with this Agreement shall be brought in the United States District Court for the Eastern District of Virginia or the state courts of Fairfax County, Virginia, U.S.A. The parties agree that such courts shall have exclusive jurisdiction and submit to the exclusive jurisdiction and venue of such courts. The parties further waive any right to a jury trial regarding any action brought in connection with this Agreement.

(ii) Where one or more parties to the dispute is not a Canadian or U.S. resident or organisation situated or doing business in Canada or the United States. All disputes arising in connection with this Agreement shall be finally settled under the Rules of Conciliation and Arbitration of the International Chamber of Commerce (ICC) as modified as necessary to reflect the provisions herein by one or more arbitrators. The place of arbitration shall be in Geneva, Switzerland, and the proceedings shall be conducted in English. In cases involving a single arbiter, that single arbiter shall be appointed by mutual agreement of the parties. If the parties fail to agree to an arbiter within fifteen (15) days, the ICC shall choose an arbiter knowledgeable in computer software law, information security and cryptography or otherwise having special qualifications in the field, such as a lawyer, academician, or judge in common law jurisdiction.

Nothing in this Agreement will be deemed as preventing either party from seeking injunctive relief (or any other provisional remedy) from any court having jurisdiction over the parities and the subject matter of this dispute as is necessary to protect either party's name, proprietary information, trade secret, know-how, or, or any other intellectual property rights.

16. Non-Assignment. Except as stated otherwise, your rights under this Agreement are not assignable or transferable. Any attempt by your creditors to obtain an interest in your rights herein, whether by attachment, levy, garnishment or otherwise, renders this Agreement voidable at VeriSign's option.

17. Notices. You will make all notices, demands or requests to VeriSign with respect to this Agreement in writing to: Attn: General Counsel, VeriSign, Inc., 487 East Middlefield Road, Mountain View, California, 94043, USA .

18. Entire Agreement. This Agreement constitute the entire understanding and agreement between VeriSign and you with respect to the transactions contemplated, and supersedes any and all prior or contemporaneous oral or written representation, understanding, agreement or communication relating thereto.