@ -1,33 +1,73 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
< html >
< head > < title > CAcert - 3rd Party Vendor -- Licence and Disclaimer < / title > < / head >
< body >
<?xml version="1.0" encoding="utf-8"?>
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" >
< head >
< meta http-equiv = "CONTENT-TYPE" content = "text/html; charset=utf-8" / >
< title > CAcert - 3rd Party Vendor -- Licence and Disclaimer < / title >
< style type = "text/css" > < ! - - t o d i s a p p e a r f r o m w w w . c . o / p o l i c y / - - >
<!--
body {
font-family : verdana, helvetica, arial, sans-serif;
}
th {
text-align : left;
}
.q {
color : green;
font-weight: bold;
text-align: center;
font-style:italic;
}
.change {
color : blue;
font-weight: bold;
}
.strike {
color : blue;
text-decoration:line-through;
}
a:hover {
color : gray;
}
-->
< / style >
< / head >
< body lang = "en-GB" >
< h3 > -1. TO BE FIXED < / h3 >
< center > < b > w o r k -- i n -- p r o g r e s s< / b > < / center >
< p class = "q" > < big > w o r k -- i n -- p r o g r e s s< / big > < / p >
< a href = "http://www.cacert.org/policy/PolicyOnPolicy.php" > < img align = "right" src = "../Images/cacert-wip.png" alt = "CAcert 3rd Party - Disclaimer and Licence - Status == wip" border = "0" > < / a > < p > < i >
This is wip-V0.05 as of 20091213.
< / i > < / p >
< a href = "http://www.cacert.org/policy/PolicyOnPolicy.php" > < img style = "float: right; border-width: 0" src = "../Images/cacert-wip.png" alt = "CAcert 3rd Party - Disclaimer and Licence - Status == wip" border = "0" > < / a >
< p class = "q" >
This is wip-V0.06 as of 20100623.
Comments:
< / p >
< ul > < li >
< i > add comments here...< / i >
< ul class = "q" > < li >
Added FAQ section on < a href = "#sZ.4" > Persons, Parties, Numbers< / a > , following confusion from STS 20100620
<!-- add more comments here... -->
< / li > < / ul >
< p class = "q" >
Policy starts:
< / p >
< hr >
< blockquote >
< h3 > < a name = "0" > 0. < / a > Preamble < / h3 >
< h3 id = "s0" > 0. Preamble < / h3 >
< p > < i >
This section is not part of the licence but may be explanatory.
< a href = "#title" > Skip to licence.< / a >
< / i > < / p >
< p >
< p id = "s0.1" > 0.1
Being that,
< / p >
@ -39,7 +79,8 @@ Being that,
for the direct benefit and RELIANCE of its Community of signed-up users
("Members"),
RELIANCE being defined as the Member's act in making a decision,
including taking a risk, in whole or in part based on the certificate,
that takes on a risk or liability,
in whole or in part based on the certificate,
and
< / li > < li >
where possible, of some indirect benefit and USE to other general users
@ -50,7 +91,7 @@ Being that,
knowledge being required of the user;
< / li > < / ul >
< p >
< p id = "s0.2" > 0.2
And that,
< / p >
@ -72,12 +113,12 @@ And that,
to provide for a high degree of choice and control over certificates;
< / li > < / ul >
< p >
< p id = "s0.3" > 0.3
And that, in offering the USE of certificates to the end-user,
< / p >
< ul > < li >
the CA has no direct relationship with the the end-user,
the CA has no direct relationship with the end-user,
< / li > < li >
it is not economic nor reasonable to expect such a
direct relationship,
@ -86,7 +127,7 @@ And that, in offering the USE of certificates to the end-user,
the CA offers its
< a href = "http://www.cacert.org/policy/NRPDisclaimerAndLicence.php" >
Non-Related Persons -- Disclaimer and Licence< / a >
to the end-user ("NRP"), in which
to the end-user ("NRP") in which
< ul > < li >
the CA disclaims liability to NRPs,
< / li > < li >
@ -99,7 +140,7 @@ And that, in offering the USE of certificates to the end-user,
and thus becoming a Member (which overrides the NRP-DaL);
< / li > < / ul >
< p >
< p id = "s0.4" > 0.4
And that,
< / p >
@ -122,7 +163,7 @@ And that,
to its end-users;
< / li > < / ul >
< p >
< p id = "s0.5" > 0.5
We both, CA and Vendor, agree that,
< / p >
@ -155,9 +196,9 @@ the following Licence and Disclaimer is offered by CAcert to Vendor.
< a name = "title" > 3rd Party Vendor - Licence and Disclaimer < / a >
< / b > < / center >
< h3 > < a name = "1" > 1. < / a > < / h3 >
< h3 id = "s1" > 1. Agreement and Licence < / h3 >
< h4 > < a name = "1.1" > 1.1 < / a > < / h4 >
< h4 id = "s1.1" > 1.1 Agreement < / h4 >
< p >
We (the Vendor and the CA)
@ -167,7 +208,7 @@ Your agreement is given by your distribution of the root within your
distribution of your root list.
< / p >
< h4 > < a name = "1.1" > 1.2 < / a > < / h4 >
< h4 id = "s1.2" > 1.2 Other Agreements < / h4 >
< p >
The relationship between the Vendor and the end-user
@ -187,14 +228,14 @@ expectation for explicit agreement by the end-user,
because of the methods and restrictions of delivery.
< / p >
< h4 > < a name = "1.3" > 1.3 < / a > < / h4 >
< h4 id = "s1.3" > 1.3 Licence to Distribute < / h4 >
< p >
CA offers this licence to permit Vendor to distribute CA's roots
within Vendor's root list to Vendor's end-users.
< / p >
< h4 > < a name = "1.4" > 1.4 < / a > < / h4 >
< h4 id = "s1.4" > 1.4 Vendor's Agreement with End-User < / h4 >
< p >
Vendor agrees
< / p >
@ -205,7 +246,7 @@ Vendor agrees
to advise the end-user of the NRP-DaL appropriately.
< / li > < / ol >
< h4 > < a name = "1.5" > 1.5 < / a > < / h4 >
< h4 id = "s1.5" > 1.5 Fair and Non-Discriminatory < / h4 >
< p >
Vendor agrees to make available CA's root key
@ -224,9 +265,9 @@ CA is the person making claims is likely to be
material in a dispute over claims.
< / p >
< h3 > < a name = "2" > 2. < / a > < / h3 >
< h3 id = "s2" > 2. Disclaimer < / h3 >
< h4 > < a name = "2.1" > 2.1 < / a > < / h4 >
< h4 id = "s2.1" > 2.1 All Liability < / h4 >
< p >
Vendor's relationship with end-users creates risks, liabilities
@ -243,7 +284,7 @@ in NRP-DaL.
< / p >
< h4 > < a name = "2.2" > 2.2 < / a > < / h4 >
< h4 id = "s2.2" > 2.2 Monetary Limits on Liability < / h4 >
< p >
Notwithstanding the general disclaimer on liability above,
@ -253,16 +294,16 @@ This is the same limit of liability that applies to each
member of the CAcert Community.
< / p >
< h3 > < a name = "3" > 3. < / a > < / h3 >
< h3 id = "s3" > 3. Legal Matters < / h3 >
< h4 > < a name = "2.3" > 3.1 < / a > < / h4 >
< h4 id = "s3.3" > 3.1 Law < / h4 >
< p >
The Choice of Law is that of NSW, Australia.
Policies in force within CAcert are incorporated.
< / p >
< h4 > < a name = "2.4" > 3.2 < / a > < / h4 >
< h4 id = "s3.4" > 3.2 Dispute Resolution < / h4 >
< p >
We agree that all disputes arising out
@ -285,37 +326,43 @@ The following parts are not part of the above licence,
but may shed light.
< / p >
< h3 > < a name = "faq" > Z. < / a > < / h3 >
< h3 id = "sfaq" > Z. FAQ < / h3 >
< h4 > < a name = "Z.1" > Z.1 < / a > < / h4 >
< h4 id = "sZ.1" > Z.1 Notes on Liability < / h4 >
< p >
Liability agreement between CA and Vendor
suggests that the end-user be presented with the name of the CA.
suggests that the end-user be presented with the name of the CA
in any act where the certificate is USED.
This is useful for identifying the particular characteristics
of the CA, and accepts that all CAs are different.
Each CA has its ways of checking, its relevent laws, and its
particular view as to the interests of the end-user.
particular view as to the interests of the end-user,
and it is PKI practice and CPS practice that the
obligation falls on the end-user to understand this.
< / p >
< p >
The Vendor should present the name of the CA so as to inform
the end-user of what can be known.
In the event that the Vendor does not present the CA,
the CA is taking on all the risk and liability that the
CA is equivalent to others, which can only be rationally
measured as the < i > lowest-common-denominator< / i > , that is,
the lowest of the liabilities that is accepted across all
CAs that are shipped by the CA.
This would generally be zero.
the end-user of what can be known about the claim being made.
In the event that the Vendor does not present the CA's name,
the CA is taking on the risk and liability that is
equivalent to other CAs. Such a position can be seen
rationally as the < i > lowest-common-denominator< / i > , that is,
the claim is no better than the worst claim made by the
worst of CAs.
Therefore the liability that is accepted by this CA is
the lowest that can be applied to any CA in the same position.
This liability limit would generally be zero.
Any additional liability would therefore fall to the Vendor.
< / p >
< p >
If the CA has been presented to the end-user, the end-user
is able to discriminate.
In this case, it is reasonable for the CA to offer to share
the liability, and to accept some limit
to that liability .
is able to discriminate. CAs are no longer equivalent.
In this case, it is reasonable for the CA to share
the liability, over and above the lowest common denominator,
up to the limit expressed in the above licence .
< / p >
< p >
@ -327,7 +374,7 @@ to the end-user must be disclaimed totally.
In other words, set to zero.
< / p >
< h4 > < a name = "Z.2" > Z.2 < / a > < / h4 >
< h4 id = "sZ.2" > Z.2 Reasonably Shown < / h4 >
< p >
To reasonably show the name of the CA is undefined,
@ -345,7 +392,7 @@ same information, however this is not quite how it is tested
in law; instead, it is more of a gut-feeling.
< / p >
< h4 > < a name = "Z.3" > Z.3 < / a > < / h4 >
< h4 id = "sZ.3" > Z.3 Recursive Distribution < / h4 >
< p >
This licence is not intended to limit the ability of
@ -357,6 +404,40 @@ to be aware of this licence and to take appropriate
steps. The primary Vendor discharges any responsibility
to the re-distributor by making available this licence
on the same basis as its other licences.
See < a href = "#1.4" > § 1.4-1< / a > .
< / p >
< h4 id = "sZ.4" > Z.4 Persons, Parties, Numbers < / h4 >
< p >
As a convention of contract law, the participants
are typically called parties.
The CA is the first party.
The Member is the second party,
under a direct contract with CA
(< a href = "http://www.cacert.org/policy/CAcertCommunityAgreement.php" > CCA< / a > ).
< / p >
< p >
The end-user however is typically not a direct party to the contract
known as
< a href = "http://www.cacert.org/policy/NRPDisclaimerAndLicence.php" > NRP-DaL< / a >
because she has typically not seen it nor agreed to it.
In deference to this difficult position, she is termed
the second person rather than second party,
and more formally known as a Non-Related Person to
underscore that situation.
< / p >
< p >
Therefore,
in order to keep the above terms constant and less confusing,
any distributor is therefore termed the third person.
Hence this present agreement is between the first and third persons,
and the title reflects that.
(The use of the term Vendor does not imply there is a sale,
it is only industry convention to include free distributors
under this label.)
< / p >
< / blockquote >
Ian Grigg
14 years ago