6fce01195d
git-svn-id: http://svn.cacert.org/CAcert/Policies@1972 14b1bab8-4ef6-0310-b690-991c95c89dfd
573 lines
16 KiB
HTML
573 lines
16 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
|
|
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8" />
|
|
<title> CAcert Community Agreement </title>
|
|
<style type="text/css"> <!-- only for WIP -->
|
|
<!--
|
|
.q {
|
|
color : green;
|
|
font-weight: bold;
|
|
text-align: center;
|
|
font-style:italic;
|
|
}
|
|
.change {
|
|
color : blue;
|
|
font-weight: bold;
|
|
}
|
|
.change2 {
|
|
color : steelblue;
|
|
}
|
|
.strike {
|
|
color : blue;
|
|
text-decoration:line-through;
|
|
}
|
|
-->
|
|
</style>
|
|
|
|
</head>
|
|
<body>
|
|
|
|
<p style="text-align: center;">
|
|
<big>
|
|
<br /><b>WARNING:</b><br />
|
|
The proper policy document is located<br />
|
|
<a href="//www.cacert.org/policy/CAcertCommunityAgreement.php">
|
|
on the CAcert website </a>.<br />
|
|
</big>
|
|
This document is a <b>work-in-progress</b> to include future revisions only,<br />
|
|
and is currently <b>only relevant for the [policy] group</b>.<br />
|
|
Suggested <span class="change">additions in BLUE</span>, <span class="strike">strikes in blue</span>.<br />
|
|
</p>
|
|
<ul><li>
|
|
Iang <span class="change">20100716</span>: fixed up to deal with RDL and dropping of NRP-DaL. Plus minor format changes, and to XHTML<br />
|
|
</li></ul>
|
|
<hr />
|
|
|
|
|
|
|
|
<h3 id="s0"> 0. Introduction </h3>
|
|
|
|
<p>
|
|
This agreement is between
|
|
you, being a registered member ("Member")
|
|
within CAcert's community at large ("Community")
|
|
and CAcert Incorporated ("CAcert"),
|
|
being an operator of services to the Community.
|
|
</p>
|
|
|
|
<h4 id="s0.1"> 0.1 Terms </h4>
|
|
<ol><li>
|
|
"CAcert"
|
|
means CAcert Inc.,
|
|
a non-profit Association of Members incorporated in
|
|
New South Wales, Australia.
|
|
Note that Association Members are distinct from
|
|
the Members defined here.
|
|
</li><li>
|
|
"Member"
|
|
means you, a registered participant within CAcert's Community,
|
|
with an account on the website and the
|
|
facility to request certificates.
|
|
Members may be individuals ("natural persons")
|
|
or organisations ("legal persons").
|
|
</li><li>
|
|
"Organisation"
|
|
is defined under the Organisation Assurance programme,
|
|
and generally includes corporations and other entities
|
|
that become Members and become Assured.
|
|
</li><li>
|
|
"Community"
|
|
means all of the Members
|
|
that are registered by this agreement
|
|
and other parties by other agreements,
|
|
all being under CAcert's Arbitration.
|
|
</li><li>
|
|
"Non-Related Person" ("NRP"),
|
|
being someone who is not a
|
|
Member, is not part of the Community,
|
|
and has not registered their agreement.
|
|
<span class="strike">
|
|
Such people are offered the NRP-DaL
|
|
another agreement allowing the USE of certificates.
|
|
</span><span class="change">
|
|
Such persons may make USE of certificates,
|
|
but may only RELY by entering this agreement or other related agreement.
|
|
</span>
|
|
</li><li>
|
|
<span class="strike">
|
|
"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
|
|
another agreement that is offered to persons outside the
|
|
Community. <br />
|
|
</span>
|
|
<span class="change">
|
|
"Root Distribution Licence" ("RDL"), an agreement for licensing the distribution of roots.
|
|
RDL replaces an earlier withdrawn licence (NRP-DaL).
|
|
</span>
|
|
</li><li>
|
|
"Arbitration"
|
|
is the Community's forum for
|
|
resolving disputes, or jurisdiction.
|
|
</li><li>
|
|
"Dispute Resolution Policy" ("DRP" => COD7)
|
|
is the policy and
|
|
rules for resolving disputes.
|
|
</li><li>
|
|
"USE"
|
|
means the act <b>by your software</b>
|
|
to conduct its tasks, incorporating
|
|
the certificates
|
|
<span class="change">
|
|
needed for correct operation
|
|
</span>
|
|
according to software procedures.
|
|
</li><li>
|
|
"RELY"
|
|
means <b>your human act</b> in taking on a
|
|
risk and liability on the basis of the claim(s)
|
|
bound within a certificate.
|
|
</li><li>
|
|
"OFFER"
|
|
means <span class="strike">the</span> your act
|
|
of making available <span class="strike">your</span> certificate<span class="change">S</span> to another person.
|
|
Generally, you install and configure your software
|
|
to act as your agent and facilite this and other tasks.
|
|
OFFER does not imply suggestion of <span class="strike">reliance</span> <span class="change">RELIANCE</span>.
|
|
</li><li>
|
|
"Issue"
|
|
means creation of a certificate by CAcert.
|
|
To create a certificate,
|
|
CAcert affixes a digital signature from the root
|
|
onto a public key and other information.
|
|
This act would generally bind a statement or claim,
|
|
such as your name, to your key.
|
|
</li><li>
|
|
"Root"
|
|
means CAcert's top level key,
|
|
used for signing certificates for Members.
|
|
In this document, the term includes any subroots.
|
|
</li><li>
|
|
"CAcert Official Document" ("COD" <span class="strike"> => COD3 </span>)
|
|
<span class="strike">in</span> <span class="change">is</span> a standard format for describing the details of
|
|
operation and governance essential to a certificate authority.
|
|
Changes are managed and controlled.
|
|
CODs define more technical terms.
|
|
See 4.2 for listing of relevant CODs.
|
|
</li><li>
|
|
"Certification Practice Statement" ("CPS" => COD6)
|
|
is the document that controls details
|
|
about operational matters within CAcert.
|
|
</li><li class="change">
|
|
"Certificate" means any public key or like device to which
|
|
the digital signature from CAcert's root has been affixed.
|
|
In this document, the term includes any roots needed for
|
|
correct operation.
|
|
</li></ol>
|
|
|
|
|
|
<h3 id="s1"> 1. Agreement and Licence </h3>
|
|
|
|
<h4 id="s1.1"> 1.1 Agreement </h4>
|
|
|
|
<p>
|
|
You and CAcert both agree to the terms and conditions
|
|
in this agreement.
|
|
Your agreement is given by any of
|
|
</p>
|
|
|
|
<ul><li>
|
|
your signature on a form to request assurance of identity
|
|
("CAP" form),
|
|
</li><li>
|
|
your request on the website
|
|
to join the Community and create an account,
|
|
</li><li>
|
|
your request for Organisation Assurance,
|
|
</li><li>
|
|
your request for issuing of certificates, or
|
|
</li><li>
|
|
if you USE, RELY, or OFFER
|
|
any certificate issued to you.
|
|
</li></ul>
|
|
|
|
<p>
|
|
Your agreement
|
|
is effective from the date of the first event above
|
|
that makes this agreement known to you.
|
|
This Agreement
|
|
replaces and supercedes prior agreements.
|
|
<span class="strike">, including the NRP-DaL.</span>
|
|
</p>
|
|
|
|
|
|
<h4 id="s1.2"> 1.2 Licence </h4>
|
|
|
|
<p>
|
|
As part of the Community, CAcert offers you these rights:
|
|
</p>
|
|
|
|
<ol><li>
|
|
You may USE any certificates issued by CAcert.
|
|
</li><li>
|
|
You may RELY on any certificate issued by CAcert,
|
|
as explained and limited by CPS (COD6).
|
|
</li><li>
|
|
You may OFFER certificates issued to you by CAcert
|
|
to Members for their RELIANCE.
|
|
</li><li>
|
|
You may OFFER certificates issued to you by CAcert
|
|
to NRPs for their USE, within the general principles
|
|
of the Community.
|
|
</li><li>
|
|
This Licence is free of cost,
|
|
non-exclusive, and non-transferrable.
|
|
</li></ol>
|
|
|
|
<h4 id="s1.3"> 1.3 Your Contributions </h4>
|
|
|
|
|
|
<p>
|
|
You agree to a non-exclusive non-restrictive non-revokable
|
|
transfer of Licence to CAcert for your contributions.
|
|
That is, if you post an idea or comment on a CAcert forum,
|
|
or email it to other Members,
|
|
your work can be used freely by the Community for
|
|
CAcert purposes, including placing under CAcert's licences
|
|
for wider publication.
|
|
</p>
|
|
|
|
<p>
|
|
You retain authorship rights, and the rights to also transfer
|
|
non-exclusive rights to other parties.
|
|
That is, you can still use your
|
|
ideas and contributions outside the Community.
|
|
</p>
|
|
|
|
<p>
|
|
Note that the following exceptions override this clause:
|
|
</p>
|
|
|
|
<ol><li>
|
|
Contributions to controlled documents are subject to
|
|
Policy on Policy ("PoP" => COD1)
|
|
</li><li>
|
|
Source code is subject to an open source licence regime.
|
|
</li></ol>
|
|
|
|
<h4 id="s1.4"> 1.4 Privacy </h4>
|
|
|
|
|
|
<p>
|
|
You give rights to CAcert to store, verify and process
|
|
and publish your data in accordance with policies in force.
|
|
These rights include shipping the data to foreign countries
|
|
for system administration, support and processing purposes.
|
|
Such shipping will only be done among
|
|
CAcert Community administrators and Assurers.
|
|
</p>
|
|
|
|
<p>
|
|
Privacy is further covered in the Privacy Policy ("PP" => COD5).
|
|
</p>
|
|
|
|
<h3 id="s2"> 2. Your Risks, Liabilities and Obligations </h3>
|
|
|
|
<p>
|
|
As a Member, you have risks, liabilities
|
|
and obligations within this agreement.
|
|
</p>
|
|
|
|
<h4 id="s2.1"> 2.1 Risks </h4>
|
|
|
|
<ol><li>
|
|
A certificate may prove unreliable.
|
|
</li><li>
|
|
Your account, keys or other security tools may be
|
|
lost or otherwise compromised.
|
|
</li><li>
|
|
You may find yourself subject to Arbitration
|
|
(DRP => COD7).
|
|
</li></ol>
|
|
|
|
<h4 id="s2.2"> 2.2 Liabilities </h4>
|
|
|
|
<ol><li>
|
|
You are liable for any penalties
|
|
as awarded against you by the Arbitrator.
|
|
</li><li>
|
|
Remedies are as defined in the DRP (COD7).
|
|
An Arbitrator's ruling may
|
|
include monetary amounts, awarded against you.
|
|
</li><li>
|
|
Your liability is limited to
|
|
a total maximum of
|
|
<b>1000 Euros</b>.
|
|
</li><li>
|
|
"Foreign Courts" may assert jurisdiction.
|
|
These include your local courts, and are outside our Arbitration.
|
|
Foreign Courts will generally refer to the Arbitration
|
|
Act of their country, which will generally refer
|
|
civil cases to Arbitration.
|
|
The Arbitration Act will not apply to criminal cases.
|
|
</li></ol>
|
|
|
|
<h4 id="s2.3"> 2.3 Obligations </h4>
|
|
|
|
<p>
|
|
You are obliged
|
|
</p>
|
|
|
|
<ol><li>
|
|
to provide accurate information
|
|
as part of Assurance.
|
|
You give permission for verification of the information
|
|
using CAcert-approved methods.
|
|
</li><li>
|
|
to make no false representations.
|
|
</li><li>
|
|
to submit all your disputes to Arbitration
|
|
(DRP => COD7).
|
|
</li></ol>
|
|
|
|
<h4 id="s2.4"> 2.4 Principles </h4>
|
|
|
|
<p>
|
|
As a Member of CAcert, you are a member of
|
|
the Community.
|
|
You are further obliged to
|
|
work within the spirit of the Principles
|
|
of the Community.
|
|
These are described in
|
|
<a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
|
|
</p>
|
|
|
|
<h4 id="s2.5"> 2.5 Security </h4>
|
|
<p>
|
|
CAcert exists to help you to secure yourself.
|
|
You are primarily responsible for your own security.
|
|
Your security obligations include
|
|
</p>
|
|
|
|
<ol><li>
|
|
to secure yourself and your computing platform (e.g., PC),
|
|
</li><li>
|
|
to keep your email account in good working order,
|
|
</li><li>
|
|
to secure your CAcert account
|
|
(e.g., credentials such as username, password),
|
|
</li><li>
|
|
to secure your private keys,
|
|
</li><li>
|
|
to review certificates for accuracy,
|
|
and
|
|
</li><li>
|
|
when in doubt, notify CAcert,
|
|
</li><li>
|
|
when in doubt, take other reasonable actions, such as
|
|
revoking certificates,
|
|
changing account credentials,
|
|
and/or generating new keys.
|
|
</li></ol>
|
|
|
|
<p>
|
|
Where, above, 'secure' means to protect to a reasonable
|
|
degree, in proportion with your risks and the risks of
|
|
others.
|
|
</p>
|
|
|
|
<h3 id="s3"> 3. Law and Jurisdiction </h3>
|
|
|
|
<h4 id="s3.1"> 3.1 Governing Law </h4>
|
|
|
|
<p>
|
|
This agreement is governed under the law of
|
|
New South Wales, Australia,
|
|
being the home of the CAcert Inc. Association.
|
|
</p>
|
|
|
|
<h4 id="s3.2"> 3.2 Arbitration as Forum of Dispute Resolution </h4>
|
|
|
|
<p>
|
|
You agree, with CAcert and all of the Community,
|
|
that all disputes arising out
|
|
of or in connection to our use of CAcert services
|
|
shall be referred to and finally resolved
|
|
by Arbitration under the rules within the
|
|
Dispute Resolution Policy of CAcert
|
|
(DRP => COD7).
|
|
The rules select a single Arbitrator chosen by CAcert
|
|
from among senior Members in the Community.
|
|
The ruling of the Arbitrator is binding and
|
|
final on Members and CAcert alike.
|
|
</p>
|
|
|
|
<p>
|
|
In general, the jurisdiction for resolution of disputes
|
|
is within CAcert's own forum of Arbitration,
|
|
as defined and controlled by its own rules (DRP => COD7).
|
|
</p>
|
|
|
|
<p>
|
|
We use Arbitration for many purposes beyond the strict
|
|
nature of disputes, such as governance and oversight.
|
|
A systems administrator may
|
|
need authorisation to conduct a non-routine action,
|
|
and Arbitration may provide that authorisation.
|
|
Thus, you may find yourself party to Arbitration
|
|
that is simply support actions, and you may file disputes in
|
|
order to initiate support actions.
|
|
</p>
|
|
|
|
<h4 id="s3.3"> 3.3 Termination </h4>
|
|
<p>
|
|
You may terminate this agreement by resigning
|
|
from CAcert. You may do this at any time by
|
|
writing to CAcert's online support forum and
|
|
filing dispute to resign.
|
|
All services will be terminated, and your
|
|
certificates will be revoked.
|
|
However, some information will continue to
|
|
be held for certificate processing purposes.
|
|
</p>
|
|
|
|
<p>
|
|
The provisions on Arbitration survive any termination
|
|
by you by leaving CAcert.
|
|
That is, even if you resign from CAcert,
|
|
you are still bound by the DRP (COD7),
|
|
and the Arbitrator may reinstate any provision of this
|
|
agreement or bind you to a ruling.
|
|
</p>
|
|
|
|
<p>
|
|
Only the Arbitrator may terminate this agreement with you.
|
|
</p>
|
|
|
|
<h4 id="s3.4"> 3.4 Changes of Agreement </h4>
|
|
|
|
<p>
|
|
CAcert may from time to time vary the terms of this Agreement.
|
|
Changes will be done according to the documented CAcert policy
|
|
for changing policies, and is subject to scrutiny and feedback
|
|
by the Community.
|
|
Changes will be notified to you by email to your primary address.
|
|
</p>
|
|
|
|
<p>
|
|
If you do not agree to the changes, you may terminate as above.
|
|
Continued use of the service shall be deemed to be agreement
|
|
by you.
|
|
</p>
|
|
|
|
<h4 id="s3.5"> 3.5 Communication </h4>
|
|
|
|
<p>
|
|
Notifications to CAcert are to be sent by
|
|
email to the address
|
|
<b>support</b> <i>at</i> CAcert.org.
|
|
You should attach a digital signature,
|
|
but need not do so in the event of security
|
|
or similar urgency.
|
|
</p>
|
|
|
|
<p>
|
|
Notifications to you are sent
|
|
by CAcert to the primary email address
|
|
registered with your account.
|
|
You are responsible for keeping your email
|
|
account in good working order and able
|
|
to receive emails from CAcert.
|
|
</p>
|
|
|
|
<p>
|
|
Arbitration is generally conducted by email.
|
|
</p>
|
|
|
|
<h3 id="s4"> 4. Miscellaneous </h3>
|
|
|
|
<h4 id="s4.1"> 4.1 Other Parties Within the Community </h4>
|
|
|
|
<p>
|
|
As well as you and other Members in the Community,
|
|
CAcert forms agreements with third party
|
|
vendors and others.
|
|
Thus, such parties will also be in the Community.
|
|
Such agreements are also controlled by the same
|
|
policy process as this agreement, and they should
|
|
mirror and reinforce these terms.
|
|
</p>
|
|
|
|
|
|
<h4 id="s4.2"> 4.2 References and Other Binding Documents </h4>
|
|
|
|
<p>
|
|
This agreement is CAcert Official Document 9 (COD9)
|
|
and is a controlled document.
|
|
</p>
|
|
|
|
<p>
|
|
You are also bound by
|
|
</p>
|
|
|
|
<ol><li>
|
|
<a href="http://svn.cacert.org/CAcert/policy.htm">
|
|
Certification Practice Statement</a> (CPS => COD6).
|
|
</li><li>
|
|
<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
|
|
Dispute Resolution Policy</a> (DRP => COD7).
|
|
</li><li>
|
|
<a href="http://www.cacert.org/index.php?id=10">
|
|
Privacy Policy</a> (PP => COD5).
|
|
</li><li>
|
|
<a href="http://svn.cacert.org/CAcert/principles.html">
|
|
Principles of the Community</a>.
|
|
</li></ol>
|
|
|
|
<p>
|
|
Where documents are referred to as <i>=> COD x</i>,
|
|
they are controlled documents
|
|
under the control of Policy on Policies (COD1).
|
|
</p>
|
|
|
|
<p>
|
|
This agreement and controlled documents above are primary,
|
|
and may not be replaced or waived except
|
|
by formal policy channels and by Arbitration.
|
|
</p>
|
|
|
|
<h4 id="s4.3"> 4.3 Informative References </h4>
|
|
|
|
<p>
|
|
The governing documents are in English.
|
|
Documents may be translated for convenience.
|
|
Because we cannot control the legal effect of translations,
|
|
the English documents are the ruling ones.
|
|
</p>
|
|
|
|
<p>
|
|
You are encouraged to be familiar with the
|
|
Assurer Handbook,
|
|
which provides a more readable introduction for much of
|
|
the information needed.
|
|
The Handbook is not however an agreement, and is overruled
|
|
by this agreement and others listed above.
|
|
</p>
|
|
|
|
<h4 id="s4.4"> 4.4 Not Covered in this Agreement </h4>
|
|
|
|
<p>
|
|
<b>Intellectual Property.</b>
|
|
This Licence does not transfer any intellectual
|
|
property rights ("IPR") to you. CAcert asserts and
|
|
maintains its IPR over its roots, issued certificates,
|
|
brands, logos and other assets.
|
|
Note that the certificates issued to you
|
|
are CAcert's intellectual property
|
|
and you do not have rights other than those stated.
|
|
</p>
|
|
|
|
|
|
</body>
|
|
</html>
|