2008-01-18 22:56:31 +00:00
|
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
|
|
|
|
|
|
<html>
|
|
|
|
<head><title>CAcert Community Agreement</title></head>
|
|
|
|
<body>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="0"> 0. </a> Introduction </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
This agreement is between
|
|
|
|
you, being a registered member ("Member")
|
|
|
|
within CAcert's community at large ("Community")
|
|
|
|
and CAcert Incorporated ("CAcert"),
|
|
|
|
being an operator of services to the Community.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="0.1"> 0.1 </a> Terms </h4>
|
|
|
|
<ol><li>
|
|
|
|
"CAcert"
|
|
|
|
means CAcert Inc.,
|
|
|
|
a non-profit Association of Members incorporated in
|
|
|
|
New South Wales, Australia.
|
|
|
|
Note that Association Members are distinct from
|
|
|
|
the Members defined here.
|
|
|
|
</li><li>
|
|
|
|
"Member"
|
|
|
|
means you, a registered participant within CAcert's Community,
|
|
|
|
with an account on the website and the
|
|
|
|
facility to request certificates.
|
|
|
|
Members may be individuals ("natural persons")
|
|
|
|
or organisations ("legal persons").
|
|
|
|
</li><li>
|
|
|
|
"Organisation"
|
|
|
|
is defined under the Organisation Assurance programme,
|
|
|
|
and generally includes corporations and other entities
|
|
|
|
that become Members and become Assured.
|
|
|
|
</li><li>
|
|
|
|
"Community"
|
|
|
|
means all of the Members
|
|
|
|
that are registered by this agreement
|
|
|
|
and other parties by other agreements,
|
|
|
|
all being under CAcert's Arbitration.
|
|
|
|
</li><li>
|
|
|
|
"Non-Related Person" ("NRP"),
|
|
|
|
being someone who is not a
|
|
|
|
Member, is not part of the Community,
|
|
|
|
and has not registered their agreement.
|
|
|
|
Such people are offered the NRP-DaL
|
|
|
|
another agreement allowing the USE of certificates.
|
|
|
|
</li><li>
|
|
|
|
"Non-Related Persons - Disclaimer and Licence" ("NRP-DaL"),
|
|
|
|
another agreement that is offered to persons outside the
|
|
|
|
Community.
|
|
|
|
</li><li>
|
|
|
|
"Arbitration"
|
|
|
|
is the Community's forum for
|
|
|
|
resolving disputes, or jurisdiction.
|
|
|
|
</li><li>
|
|
|
|
"Dispute Resolution Policy" ("DRP" => COD7)
|
|
|
|
is the policy and
|
|
|
|
rules for resolving disputes.
|
|
|
|
</li><li>
|
|
|
|
"USE"
|
|
|
|
means the act by your software
|
|
|
|
to conduct its tasks, incorporating
|
|
|
|
the certificates according to software procedures.
|
|
|
|
</li><li>
|
|
|
|
"RELY"
|
|
|
|
means your human act in taking on a
|
|
|
|
risk and liability on the basis of the claim(s)
|
|
|
|
bound within a certificate.
|
|
|
|
</li><li>
|
|
|
|
"OFFER"
|
|
|
|
means the your act
|
|
|
|
of making available your certificate to another person.
|
|
|
|
Generally, you install and configure your software
|
|
|
|
to act as your agent and facilite this and other tasks.
|
|
|
|
OFFER does not imply suggestion of reliance.
|
|
|
|
</li><li>
|
|
|
|
"Issue"
|
|
|
|
means creation of a certificate by CAcert.
|
|
|
|
To create a certificate,
|
|
|
|
CAcert affixes a digital signature from the root
|
|
|
|
onto a public key and other information.
|
|
|
|
This act would generally bind a statement or claim,
|
|
|
|
such as your name, to your key.
|
|
|
|
</li><li>
|
|
|
|
"Root"
|
|
|
|
means CAcert's top level key,
|
|
|
|
used for signing certificates for Members.
|
|
|
|
In this document, the term includes any subroots.
|
|
|
|
</li><li>
|
|
|
|
"CAcert Official Document" ("COD" => COD3)
|
|
|
|
in a standard format for describing the details of
|
|
|
|
operation and governance essential to a certificate authority.
|
|
|
|
Changes are managed and controlled.
|
|
|
|
CODs define more technical terms.
|
|
|
|
See 4.2 for listing of relevant CODs.
|
|
|
|
</li><li>
|
|
|
|
"Certification Practice Statement" ("CPS" => COD6)
|
|
|
|
is the document that controls details
|
|
|
|
about operational matters within CAcert.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="1"> 1. </a> Agreement and Licence </h3>
|
|
|
|
|
|
|
|
<h4> <a name="1.1"> 1.1 </a> Agreement </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You and CAcert both agree to the terms and conditions
|
|
|
|
in this agreement.
|
|
|
|
Your agreement is given by any of
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ul><li>
|
|
|
|
your signature on a form to request assurance of identity
|
|
|
|
("CAP" form),
|
|
|
|
</li><li>
|
|
|
|
your request on the website
|
|
|
|
to join the Community and create an account,
|
|
|
|
</li><li>
|
|
|
|
your request for Organisation Assurance,
|
|
|
|
</li><li>
|
|
|
|
your request for issuing of certificates, or
|
|
|
|
</li><li>
|
|
|
|
if you USE, RELY, or OFFER
|
|
|
|
any certificate issued to you.
|
|
|
|
</li></ul>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Your agreement
|
|
|
|
is effective from the date of the first event above
|
|
|
|
that makes this agreement known to you.
|
|
|
|
This Agreement
|
|
|
|
replaces and supercedes prior agreements,
|
|
|
|
including the NRP-DaL.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h4> <a name="1.2"> 1.2 </a> Licence </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
As part of the Community, CAcert offers you these rights:
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
You may USE any certificates issued by CAcert.
|
|
|
|
</li><li>
|
|
|
|
You may RELY on any certificate issued by CAcert,
|
|
|
|
as explained and limited by CPS (COD6).
|
|
|
|
</li><li>
|
|
|
|
You may OFFER certificates issued to you by CAcert
|
|
|
|
to Members for their RELIANCE.
|
|
|
|
</li><li>
|
|
|
|
You may OFFER certificates issued to you by CAcert
|
|
|
|
to NRPs for their USE, within the general principles
|
|
|
|
of the Community.
|
|
|
|
</li><li>
|
|
|
|
This Licence is free of cost,
|
|
|
|
non-exclusive, and non-transferrable.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<h4> <a name="1.3"> 1.3 </a> Your Contributions </h4>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You agree to a non-exclusive non-restrictive non-revokable
|
|
|
|
transfer of Licence to CAcert for your contributions.
|
|
|
|
That is, if you post an idea or comment on a CAcert forum,
|
|
|
|
or email it to other Members,
|
|
|
|
your work can be used freely by the Community for
|
|
|
|
CAcert purposes, including placing under CAcert's licences
|
|
|
|
for wider publication.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You retain authorship rights, and the rights to also transfer
|
|
|
|
non-exclusive rights to other parties.
|
|
|
|
That is, you can still use your
|
|
|
|
ideas and contributions outside the Community.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Note that the following exceptions override this clause:
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
Contributions to controlled documents are subject to
|
|
|
|
Policy on Policy ("PoP" => COD1)
|
|
|
|
</li><li>
|
|
|
|
Source code is subject to an open source licence regime.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<h4> <a name="1.4"> 1.4 </a> Privacy </h4>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You give rights to CAcert to store, verify and process
|
|
|
|
and publish your data in accordance with policies in force.
|
|
|
|
These rights include shipping the data to foreign countries
|
|
|
|
for system administration, support and processing purposes.
|
|
|
|
Such shipping will only be done among
|
|
|
|
CAcert Community administrators and Assurers.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Privacy is further covered in the Privacy Policy ("PP" => COD5).
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h3> <a name="2"> 2. </a> Your Risks, Liabilities and Obligations </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
As a Member, you have risks, liabilities
|
|
|
|
and obligations within this agreement.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="2.1"> 2.1 </a> Risks </h4>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
A certificate may prove unreliable.
|
|
|
|
</li><li>
|
|
|
|
Your account, keys or other security tools may be
|
|
|
|
lost or otherwise compromised.
|
|
|
|
</li><li>
|
|
|
|
You may find yourself subject to Arbitration
|
|
|
|
(DRP => COD7).
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<h4> <a name="2.2"> 2.2 </a> Liabilities </h4>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
You are liable for any penalties
|
|
|
|
as awarded against you by the Arbitrator.
|
|
|
|
</li><li>
|
|
|
|
Remedies are as defined in the DRP (COD7).
|
|
|
|
An Arbitrator's ruling may
|
|
|
|
include monetary amounts, awarded against you.
|
|
|
|
</li><li>
|
|
|
|
Your liability is limited to
|
|
|
|
a total maximum of
|
|
|
|
<b>1000 Euros</b>.
|
|
|
|
</li><li>
|
|
|
|
"Foreign Courts" may assert jurisdiction.
|
|
|
|
These include your local courts, and are outside our Arbitration.
|
|
|
|
Foreign Courts will generally refer to the Arbitration
|
|
|
|
Act of their country, which will generally refer
|
|
|
|
civil cases to Arbitration.
|
|
|
|
The Arbitration Act will not apply to criminal cases.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<h4> <a name="2.3"> 2.3 </a> Obligations </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You are obliged
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
to provide accurate information
|
|
|
|
as part of Assurance.
|
|
|
|
You give permission for verification of the information
|
|
|
|
using CAcert-approved methods.
|
|
|
|
</li><li>
|
|
|
|
to make no false representations.
|
|
|
|
</li><li>
|
|
|
|
to submit all your disputes to Arbitration
|
|
|
|
(DRP => COD7).
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<h4> <a name="2.4"> 2.4 </a> Principles </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
As a Member of CAcert, you are a member of
|
|
|
|
the Community.
|
|
|
|
You are further obliged to
|
|
|
|
work within the spirit of the Principles
|
|
|
|
of the Community.
|
|
|
|
These are described in
|
|
|
|
<a href="http://svn.cacert.org/CAcert/principles.html">Principles of the Community</a>.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="2.5"> 2.5 </a> Security </h4>
|
|
|
|
<p>
|
|
|
|
CAcert exists to help you to secure yourself.
|
|
|
|
You are primarily responsible for your own security.
|
|
|
|
Your security obligations include
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ol><li>
|
|
|
|
to secure yourself and your computing platform (e.g., PC),
|
|
|
|
</li><li>
|
|
|
|
to keep your email account in good working order,
|
|
|
|
</li><li>
|
|
|
|
to secure your CAcert account
|
|
|
|
(e.g., credentials such as username, password),
|
|
|
|
</li><li>
|
|
|
|
to secure your private keys,
|
|
|
|
</li><li>
|
|
|
|
to review certificates for accuracy,
|
|
|
|
and
|
|
|
|
</li><li>
|
|
|
|
when in doubt, notify CAcert,
|
|
|
|
</li><li>
|
|
|
|
when in doubt, take other reasonable actions, such as
|
|
|
|
revoking certificates,
|
|
|
|
changing account credentials,
|
|
|
|
and/or generating new keys.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Where, above, 'secure' means to protect to a reasonable
|
|
|
|
degree, in proportion with your risks and the risks of
|
|
|
|
others.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h3> <a name="3"> 3. </a> Law and Jurisdiction </h3>
|
|
|
|
|
|
|
|
<h4> <a name="3.1"> 3.1 </a> Governing Law </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
This agreement is governed under the law of
|
|
|
|
New South Wales, Australia,
|
|
|
|
being the home of the CAcert Inc. Association.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="3.2"> 3.2 </a> Arbitration as Forum of Dispute Resolution </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You agree, with CAcert and all of the Community,
|
|
|
|
that all disputes arising out
|
|
|
|
of or in connection to our use of CAcert services
|
|
|
|
shall be referred to and finally resolved
|
|
|
|
by Arbitration under the rules within the
|
|
|
|
Dispute Resolution Policy of CAcert
|
|
|
|
(DRP => COD7).
|
|
|
|
The rules select a single Arbitrator chosen by CAcert
|
|
|
|
from among senior Members in the Community.
|
|
|
|
The ruling of the Arbitrator is binding and
|
|
|
|
final on Members and CAcert alike.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
In general, the jurisdiction for resolution of disputes
|
|
|
|
is within CAcert's own forum of Arbitration,
|
|
|
|
as defined and controlled by its own rules (DRP => COD7).
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
We use Arbitration for many purposes beyond the strict
|
|
|
|
nature of disputes, such as governance and oversight.
|
|
|
|
A systems administrator may
|
|
|
|
need authorisation to conduct a non-routine action,
|
|
|
|
and Arbitration may provide that authorisation.
|
|
|
|
Thus, you may find yourself party to Arbitration
|
|
|
|
that is simply support actions, and you may file disputes in
|
|
|
|
order to initiate support actions.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="3.3"> 3.3 </a> Termination </h4>
|
|
|
|
<p>
|
|
|
|
You may terminate this agreement by resigning
|
|
|
|
from CAcert. You may do this at any time by
|
|
|
|
writing to CAcert's online support forum and
|
|
|
|
filing dispute to resign.
|
|
|
|
All services will be terminated, and your
|
|
|
|
certificates will be revoked.
|
|
|
|
However, some information will continue to
|
|
|
|
be held for certificate processing purposes.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
The provisions on Arbitration survive any termination
|
|
|
|
by you by leaving CAcert.
|
|
|
|
That is, even if you resign from CAcert,
|
|
|
|
you are still bound by the DRP (COD7),
|
|
|
|
and the Arbitrator may reinstate any provision of this
|
|
|
|
agreement or bind you to a ruling.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Only the Arbitrator may terminate this agreement with you.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="3.4"> 3.4 </a> Changes of Agreement </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
CAcert may from time to time vary the terms of this Agreement.
|
|
|
|
Changes will be done according to the documented CAcert policy
|
|
|
|
for changing policies, and is subject to scrutiny and feedback
|
|
|
|
by the Community.
|
|
|
|
Changes will be notified to you by email to your primary address.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
If you do not agree to the changes, you may terminate as above.
|
|
|
|
Continued use of the service shall be deemed to be agreement
|
|
|
|
by you.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="3.5"> 3.5 </a> Communication </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Notifications to CAcert are to be sent by
|
|
|
|
email to the address
|
|
|
|
<b>support</b> <i>at</i> CAcert.org.
|
|
|
|
You should attach a digital signature,
|
|
|
|
but need not do so in the event of security
|
|
|
|
or similar urgency.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Notifications to you are sent
|
|
|
|
by CAcert to the primary email address
|
|
|
|
registered with your account.
|
|
|
|
You are responsible for keeping your email
|
|
|
|
account in good working order and able
|
|
|
|
to receive emails from CAcert.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Arbitration is generally conducted by email.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h3> <a name="4"> 4. </a> Miscellaneous </h3>
|
|
|
|
|
|
|
|
<h4> <a name="4.1"> 4.1 </a> Other Parties Within the Community </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
As well as you and other Members in the Community,
|
|
|
|
CAcert forms agreements with third party
|
|
|
|
vendors and others.
|
|
|
|
Thus, such parties will also be in the Community.
|
|
|
|
Such agreements are also controlled by the same
|
|
|
|
policy process as this agreement, and they should
|
|
|
|
mirror and reinforce these terms.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h4> <a name="4.2"> 4.2 </a> References and Other Binding Documents </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
This agreement is CAcert Official Document 9 (COD9)
|
|
|
|
and is a controlled document.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You are also bound by
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<ol><li>
|
2010-04-08 08:50:03 +00:00
|
|
|
<a href="http://www.cacert.org/policy/CertificationPracticeStatement.php">
|
2008-01-18 22:56:31 +00:00
|
|
|
Certification Practice Statement</a> (CPS => COD6).
|
|
|
|
</li><li>
|
2008-03-03 15:14:02 +00:00
|
|
|
<a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">
|
2008-01-18 22:56:31 +00:00
|
|
|
Dispute Resolution Policy</a> (DRP => COD7).
|
|
|
|
</li><li>
|
|
|
|
<a href="http://www.cacert.org/index.php?id=10">
|
|
|
|
Privacy Policy</a> (PP => COD5).
|
|
|
|
</li><li>
|
|
|
|
<a href="http://svn.cacert.org/CAcert/principles.html">
|
|
|
|
Principles of the Community</a>.
|
|
|
|
</li></ol>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
Where documents are referred to as <i>=> COD x</i>,
|
|
|
|
they are controlled documents
|
|
|
|
under the control of Policy on Policies (COD1).
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
This agreement and controlled documents above are primary,
|
|
|
|
and may not be replaced or waived except
|
|
|
|
by formal policy channels and by Arbitration.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="4.3"> 4.3 </a> Informative References </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
The governing documents are in English.
|
|
|
|
Documents may be translated for convenience.
|
|
|
|
Because we cannot control the legal effect of translations,
|
|
|
|
the English documents are the ruling ones.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
You are encouraged to be familiar with the
|
|
|
|
Assurer Handbook,
|
|
|
|
which provides a more readable introduction for much of
|
|
|
|
the information needed.
|
|
|
|
The Handbook is not however an agreement, and is overruled
|
|
|
|
by this agreement and others listed above.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
<h4> <a name="4.4"> 4.4 </a> Not Covered in this Agreement </h4>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<b>Intellectual Property.</b>
|
|
|
|
This Licence does not transfer any intellectual
|
|
|
|
property rights ("IPR") to you. CAcert asserts and
|
|
|
|
maintains its IPR over its roots, issued certificates,
|
|
|
|
brands, logos and other assets.
|
|
|
|
Note that the certificates issued to you
|
|
|
|
are CAcert's intellectual property
|
|
|
|
and you do not have rights other than those stated.
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
</body>
|
|
|
|
</html>
|