reviewed this and incorporated all the known comments.

should be ready for policy group to look at.


git-svn-id: http://svn.cacert.org/CAcert/Policies@1732 14b1bab8-4ef6-0310-b690-991c95c89dfd
pull/1/head
Ian Grigg 15 years ago
parent 1b1906fccf
commit 33b9a384c9

@ -10,64 +10,41 @@
<center> <b> w o r k -- i n -- p r o g r e s s</b> </center> <center> <b> w o r k -- i n -- p r o g r e s s</b> </center>
<p> <i> <p> <i>
This is wip-V0.03. This is wip-V0.05 as of 20091213.
</i></p> </i></p>
<ul><li><i>
What to do about multi-tier distributors:
th: firefox/thunderbird/evolution/etc distribute things
but also to distributors eg Fedora, Ubuntu, etc. Who on their terms
redistribute it. This recursion should that be explicit in this
disclaimer and license?
is this agreement with primary or end distributor or all of them?
Mozilla => KDE => Evolution.
</i></li><li><i>
This agreement is with vendors that choose not to be Members.
Is now made explicit.
What about vendors who choose to be Members?
</i></li><li><i>
pg: I think the 3pv should define "USE" and "RELY" in a preamble
(or somewhere else at the beginning)
Perhaps even specifically declare the difference between USE and RELY
The other things are more or less clear in general,
but USE and RELY and its special meaning should be defined
<br><b> OK, done.</b>
</i></li><li><i>
pg: 1.4 Agreement in Spirit
It doesn't clearly indicate that this is only in respect to cert stuff.
<br><b> extra line added "all with respect to...".</b>
</i></li><li><i>
Also, why are we policing the redistributors?
<br> <i>the roots and certs are CAcert responsibility.</i>
</i></li><li><i>
pg: not clear that this applies or does not apply to Member-vendors.
<br><b> it is in now, in one of the bullet points.</b>
</i></li><li><i>
Practically everything else...
These are just scattered ideas and have not been exposed to criticism yet...
</i></li></ul>
<hr> <hr>
<h3> <a name="0"> 0. </a> Preliminaries </h3> <blockquote>
<h3> <a name="0"> 0. </a> Preamble </h3>
<h4> <a name="0.2"> 0.2 </a> Background </h4> <p><i>
This section is not part of the licence but may be explanatory.
<a href="#title">Skip to licence.</a>
</i></p>
<p> <p>
Being that, Being that,
</p> </p>
<ul><li> <ul><li>
CAcert is a Certificate Authority ("the CA"), CAcert is a Certification Authority ("the CA"),
</li><li> </li><li>
the CA offers a free certificate service to its subscribers, the CA offers a free certificate service to its subscribers,
</li><li> </li><li>
for the direct benefit and RELIANCE of its Community of signed-up users for the direct benefit and RELIANCE of its Community of signed-up users
("Members"), ("Members"),
RELIANCE being defined as the Member's act in making a decision,
including taking a risk, in whole or in part based on the certificate,
and
</li><li> </li><li>
where possible, of some indirect benefit and USE to other general users where possible, of some indirect benefit and USE to other general users
("end-users") of the Internet; ("end-users") of the Internet,
where USE is defined as allowing a certificate to
participate in a protocol, as decided and facilitated
by the user's software, with no significant input or
knowledge being required of the user;
</li></ul> </li></ul>
<p> <p>
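Review bot: The definitions of RELIANCE and USE now sit in the Preamble bullets, directly under the new line "This section is not part of the licence but may be explanatory." The licence body still depends on both terms (for example "permitted USE" and "non-permitted RELIANCE" in section 2), so the defined terms it relies on are left in text that declares itself non-binding. Suggest keeping a short definitions clause inside the licence table, or having the licence incorporate the Preamble definitions by reference.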
@ -103,10 +80,10 @@ And that, in offering the USE of certificates to the end-user,
direct relationship, direct relationship,
</li><li> </li><li>
by way of an open, indirect offering, by way of an open, indirect offering,
the CA provides its the CA offers its
<a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php"> <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">
Non-Related Persons -- Disclaimer and Licence</a> Non-Related Persons -- Disclaimer and Licence</a>
for the end-user ("NRP"), in which to the end-user ("NRP"), in which
<ul><li> <ul><li>
the CA disclaims liability to NRPs, the CA disclaims liability to NRPs,
</li><li> </li><li>
@ -114,6 +91,9 @@ And that, in offering the USE of certificates to the end-user,
</li><li> </li><li>
the CA specifically does not permit the NRPs to RELY, the CA specifically does not permit the NRPs to RELY,
</li></ul> </li></ul>
</li><li>
and that NRPs have a choice of joining the Community
and thus becoming a Member (which overrides the NRP-DaL);
</li></ul> </li></ul>
<p> <p>
@ -134,6 +114,9 @@ And that,
the Vendor has the primary and only direct relationship with the end-user, the Vendor has the primary and only direct relationship with the end-user,
</li><li> </li><li>
the Vendor chooses not to be a Member of CAcert, the Vendor chooses not to be a Member of CAcert,
</li><li>
and therefore Vendor needs a Licence to distribute the roots
to its end-users;
</li></ul> </li></ul>
<p> <p>
@ -156,39 +139,26 @@ We both, CA and Vendor, agree that,
</li></ul> </li></ul>
<h4> <a name="0.2"> 0.2 </a> Parties </h4>
With the above understanding, the following Licence and Disclaimer is offered
by CA to Vendor.
<h4> <a name="0.3"> 0.3 </a> Terms </h4>
<p> <p>
<b><a name="d_reliance" id="d_reliance">RELIANCE</a></b>. With the above understanding,
A Member's act in making a decision, the following Licence and Disclaimer is offered by CAcert to Vendor.
including taking a risk,
in whole or in part based on the certificate.
</p>
<p>
<b><a name="d_use" id="d_use">USE</a></b>.
The event of allowing a certificate to participate
in a protocol, as decided and facilitated by the user's software.
In general, no significant input is required of the user.
</p> </p>
<p> </blockquote>
Other terms used in this agreement are as defined in the
<a href="http://svn.cacert.org/CAcert/RegisteredUserAgreement.html">
CAcert Community Agreement</a>.
</p>
<table border="1" cellpadding="15" bgcolor="0xEEEEEE"><tr><td>
<center><b>
<a name="title"> 3rd Party Vendor - Licence and Disclaimer </a>
</b></center>
<h3> <a name="1"> 1. </a> Agreement and Licence </h3> <h3> <a name="1"> 1. </a> Agreement and Licence </h3>
<h4> <a name="1.1"> 1.1 </a> Agreement </h4> <h4> <a name="1.1"> 1.1 </a> Agreement </h4>
<p> <p>
You and CAcert both agree to the terms and conditions in this agreement. We (the Vendor and the CA)
both agree to the terms and conditions in this agreement.
The relationship between the CA and the Vendor is based on this agreement. The relationship between the CA and the Vendor is based on this agreement.
Your agreement is given by your distribution of the root within your Your agreement is given by your distribution of the root within your
distribution of your root list. distribution of your root list.
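Review bot: In 1.1 the first sentence is changed to "We (the Vendor and the CA) both agree", but the unchanged sentence that follows still reads "Your agreement is given by your distribution of the root within your distribution of your root list", so the clause mixes first and second person for the same party. Suggest using "Vendor's agreement is given by ..." to match the rest of the text. Separately, the new wrapper uses bgcolor="0xEEEEEE", which is not a valid HTML colour value; write it as "#EEEEEE".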
@ -197,7 +167,8 @@ distribution of your root list.
<h4> <a name="1.1"> 1.2 </a> Other Agreements </h4> <h4> <a name="1.1"> 1.2 </a> Other Agreements </h4>
<p> <p>
The relationship between the Vendor and the end-user is based on Vendor's own agreement The relationship between the Vendor and the end-user
is based on Vendor's own agreement
("end-user licence agreement" or EULA). ("end-user licence agreement" or EULA).
Generally, the Vendor offers the EULA to the end-user Generally, the Vendor offers the EULA to the end-user
in the act of distributing the software and roots. in the act of distributing the software and roots.
@ -220,57 +191,34 @@ CA offers this licence to permit Vendor to distribute CA's roots
within Vendor's root list to Vendor's end-users. within Vendor's root list to Vendor's end-users.
</p> </p>
<h4> <a name="1.4"> 1.4 </a> Agreement in Spirit </h4> <h4> <a name="1.4"> 1.4 </a> Vendor's Agreement with End-User </h4>
<p> <p>
Vendor agrees to make its relationship to end-users Vendor agrees
compatible and aligned with the CA's NRP-DaL.
Specifically, the Vendor must:
</p> </p>
<ul><li> <ol><li>
disclaim all liability, to distribute both the NRP-DaL and this present agreement to end-user,
</li><li>
offer free licence to USE, and
</li><li> </li><li>
deny permission to RELY under this EULA; to advise the end-user of the NRP-DaL appropriately.
</li></ul> </li></ol>
<p>
all with respect to the root list
(including root keys, certificates,
and related cryptographic and security software).
</p>
<h4> <a name="1.5"> 1.5 </a> Agreement in Practice </h4> <h4> <a name="1.5"> 1.5 </a> Fair and Non-Discriminatory </h4>
<p> <p>
Where agreement is explicitly sought from the end-user, Vendor agrees to make available CA's root key
they may be offered and agree to: in a fair and non-discriminatory way to Vendor's end-users.
</p> </p>
<ul><li>
CA's NRP-DaL,
<s>where the NRP-DaL and EULA are not in contradiction,</s>
<i>OR</i>
</li><li>
only your EULA,
where the spirit of the NRP-DaL is preserved
within the EULA.
</li></ul>
<p> <p>
Vendors are encouraged to ship the NRP-DaL with their software, In accordance with the general principles of PKI
and make available means for the end-user to further and the fact that the CA makes statements of interest
examine the NRP-DaL. within certificates, the Vendor is strongly encouraged
<br><i>Note, document this elsewhere in FAQ</i>. to reasonably represent to the end-user
</p> that the CA is the issuer of the certificate
and the maker of claims within the certificate.
<h4> <a name="1.6"> 1.6 </a> Fair and Non-Discriminatory </h4> The extent to which the end-user is aware that the
CA is the person making claims is likely to be
<p> material in a dispute over claims.
Vendor agrees to make available CA's root key
in a fair and non-discriminatory way to Vendor's end-users.
<br><i>Note, document this elsewhere in FAQ</i>.
</p> </p>
<h3> <a name="2"> 2. </a> Disclaimer </h3> <h3> <a name="2"> 2. </a> Disclaimer </h3>
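Review bot: The rewritten 1.4 replaces three concrete obligations (disclaim all liability, offer free licence to USE, deny permission to RELY) with "to advise the end-user of the NRP-DaL appropriately", and nothing in the clause says what counts as appropriate. Suggest stating a minimum, such as where the NRP-DaL must be reachable from the shipped software, or restoring the requirement that the EULA not contradict it. The new paragraph on representing the CA as issuer is also filed under "1.5 Fair and Non-Discriminatory" although it concerns attribution, and would read better under its own heading.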
@ -281,11 +229,14 @@ in a fair and non-discriminatory way to Vendor's end-users.
Vendor's relationship with end-users creates risks, liabilities Vendor's relationship with end-users creates risks, liabilities
and obligations due to the end-user's permitted USE of the certificates, and obligations due to the end-user's permitted USE of the certificates,
and potentially through other activities such as inappropriate and potentially through other activities such as inappropriate
and unpermitted RELIANCE. and non-permitted RELIANCE.
</p> </p>
<p> <p>
We in general DISCLAIM ALL LIABILITY to each other and to the end-user. We in general DISCLAIM ALL LIABILITY to each other.
Vendor acknowledges and confirms that
the CA disclaims all liability to the end-user
in NRP-DaL.
</p> </p>
@ -293,28 +244,19 @@ We in general DISCLAIM ALL LIABILITY to each other and to the end-user.
<p> <p>
Notwithstanding the general disclaimer on liability above, Notwithstanding the general disclaimer on liability above,
we agree that, to the extent that CAcert is reasonably we agree that,
represented to the Vendor's end-user by the software liability of Vendor and of the CA is strictly limited to be 1000 euros.
as being the Certificate Authority, at the events and
circumstances of question,
liability of CAcert is strictly limited to be 1000 euros.
This is the same limit of liability that applies to each This is the same limit of liability that applies to each
member of the CAcert Community. member of the CAcert Community.
</p> </p>
<p>
To the extent that the CA is not reasonably represented
to the end-user, we agree that any liability is limited
to the lowest of agreed liabilities of all CAs for all
roots shipped by the Vendor, and 1000 euros.
</p>
<h3> <a name="3"> 3. </a> Legal Matters </h3> <h3> <a name="3"> 3. </a> Legal Matters </h3>
<h4> <a name="2.3"> 3.1 </a> Law </h4> <h4> <a name="2.3"> 3.1 </a> Law </h4>
<p> <p>
The Choice of Law is that of NSW, Australia. The Choice of Law is that of NSW, Australia.
Policies in force within CAcert are incorporated.
</p> </p>
<h4> <a name="2.4"> 3.2 </a> Dispute Resolution </h4> <h4> <a name="2.4"> 3.2 </a> Dispute Resolution </h4>
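Review bot: The new sentence "liability of Vendor and of the CA is strictly limited to be 1000 euros" does not say whether the figure is per party, per event or in aggregate, nor whether it covers claims between the two parties only or also claims by end-users. The removed wording tied the limit to the CA being "reasonably represented" to the end-user; with that condition gone and 1.5 only "strongly encouraging" representation, the scope of the limit should be spelled out. The context headings in this hunk also carry anchors name="2.3" and name="2.4" on sections 3.1 and 3.2, which could be corrected in the same pass.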
@ -322,41 +264,18 @@ The Choice of Law is that of NSW, Australia.
<p> <p>
We agree that all disputes arising out We agree that all disputes arising out
of or in connection to this agreement of or in connection to this agreement
and the root key of the CA and the root and certificates of the CA
shall be referred to and finally resolved shall be referred to and finally resolved
by Arbitration under the by Arbitration under the
Dispute Resolution Policy of the CA Dispute Resolution Policy of the CA
(DRP => COD7). (<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">COD7</a>).
The ruling of the Arbitrator is binding and The ruling of the Arbitrator is binding and
final on CA and Vendor alike. final on CA and Vendor alike.
</p> </p>
<p> </td></tr></table>
We further agree, as a single exception to DRP,
that the single Arbitrator may be chosen from outside
the CAcert Community.
</p>
<h4> <a name="3.x"> 3.3 </a> CAcert Community Agreement </h4>
<p>
The CA also offers a CAcert Community Agreement (CCA).
The CCA replaces the NRP-DaL and this present agreement
for those parties that accept it.
</p>
<p>
If a Community member is also an end-user, then the provisions
of the CCA will replace all elements of the CA's NRP-DaL,
and will dominate this present agreement.
</p>
<p> <blockquote>
Acceptance alone of this present agreement by the Vendor
does not imply that Vendor is a Community User/Member.
</p>
<hr>
<p> <p>
The following parts are not part of the above licence, The following parts are not part of the above licence,
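Review bot: Removing 3.3 takes the statement that the CCA replaces the NRP-DaL and this agreement out of the licence body; the only remaining mention in this patch is the new Preamble bullet "(which overrides the NRP-DaL)", which sits in text marked as not part of the licence. The sentence "Acceptance alone of this present agreement by the Vendor does not imply that Vendor is a Community User/Member" is dropped with no replacement in the visible lines. Suggest keeping a one-paragraph clause in section 3 covering both points. The exception allowing an Arbitrator from outside the CAcert Community is also removed; since the Vendor is by definition not a Member, the commit message or an explanatory note should say why.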
@ -422,3 +341,22 @@ random users would have "got it" when presented with the
same information, however this is not quite how it is tested same information, however this is not quite how it is tested
in law; instead, it is more of a gut-feeling. in law; instead, it is more of a gut-feeling.
</p> </p>
<h4> <a name="Z.3"> Z.3 </a> Recursive Distribution </h4>
<p>
This licence is not intended to limit the ability of
a re-distributor of Vendor's root list from operating under
the same conditions as the Vendor. The licence applies
equally to all distributors of CA's roots.
It is the re-distributor's responsibility
to be aware of this licence and to take appropriate
steps. The primary Vendor discharges any responsibility
to the re-distributor by making available this licence
on the same basis as its other licences.
</p>
</blockquote>
</body></html>
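Review bot: Z.3 is added after the line "The following parts are not part of the above licence", yet it contains operative statements: "The licence applies equally to all distributors of CA's roots" and "The primary Vendor discharges any responsibility to the re-distributor by making available this licence". If re-distributors are meant to be bound and the primary Vendor released, this belongs in section 1 of the licence; if it is only commentary, reword it as explanation rather than as a grant and a discharge.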
