EmailPrint

Symantec Relying Party Agreement

YOU MUST READ THIS RELYING PARTY AGREEMENT ("AGREEMENT") BEFORE VALIDATING A SYMANTEC CERTIFICATE , USING SYMANTEC'S ONLINE CERTIFICATE STATUS PROTOCOL ("OCSP") SERVICES, ACCESSING OR USING A SYMANTEC OR SYMANTEC AFFILIATED DATABASE OF CERTIFICATE REVOCATIONS OR RELYING ON ANY SYMANTEC CERTIFICATE-RELATED INFORMATION (COLLECTIVELY, " SYMANTEC INFORMATION”). IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT SUBMIT A QUERY AND DO NOT DOWNLOAD, ACCESS, OR RELY ON ANY SYMANTEC INFORMATION. IN CONSIDERATION OF YOUR AGREEMENT TO THESE TERMS, YOU ARE ENTITLED TO USE SYMANTEC INFORMATION AS SET FORTH HEREIN.

AS USED IN THIS AGREEMENT, “COMPANY” MEANS AS FOLLOWS: (A) SYMANTEC CORPORATION, IF YOU ARE LOCATED IN THE AMERICAS, THAILAND, OR JAPAN; (B) SYMANTEC LTD., IF YOU ARE LOCATED IN EUROPE, MIDDLE EAST, AFRICA OR ASIA PACIFIC (EXCLUDING THAILAND, JAPAN, OR AUSTRALIA); AND (C) VERISIGN AUSTRALIA PTY LTD., IF YOU ARE LOCATED IN AUSTRALIA. PLEASE NOTE THAT COMPANY RESERVES THE RIGHT TO CHANGE THE COMPANY ENTITY PARTICIPATING IN THIS AGREEMENT BY NOTICE TO YOU, AS DESCRIBED IN THIS AGREEMENT.

1. Term of Agreement. This Agreement becomes effective when you submit a query to search for a Symantec Certificate, or rely on any Symantec Information in the manner set forth in the preamble above. This Agreement shall be applicable for as long as you use and/or rely on such Symantec Information.

2. Definitions.
"Certificate" or "Digital Certificate" means a message that, at least, states a name or identifies the issuing CA, identifies the Subscriber, contains the Subscriber's public key, identifies the Certificate’s validity period, contains a Certificate serial number, and contains a digital signature of the issuing CA.

"Certificate Applicant" means an individual or organization that requests the issuance of a Certificate by a Certification Authority.

"Certification Authority" or "CA" means an entity authorized to issue, suspend, or revoke Certificates. For purposes of this Agreement, CA shall mean Company.

"Certification Practice Statement" or "CPS" means a document, as revised from time to time, representing a statement of practices a CA employs in issuing Certificates. The Symantec CPS is published in the repository on Symantec’s website.

"Non-verified Subscriber Information" means any information submitted by a Certificate Applicant, and included within a Certificate, that has not been confirmed by the CA or RA and for which the applicable CA and RA provide no assurances other than that the information was submitted by the Certificate Applicant.

"Registration Authority" or "RA" means an entity approved by a CA to assist Certificate Applicants in applying for, approving, rejecting, or revoking Certificates.

"Relying Party" means an individual or organization that acts in reliance on a Certificate.

"Repository" means the collection of documents located at the link for the repository which may be accessed from the website where the Certificate was issued.

"Subscriber" means a person, organization, or entity who is the subject of and has been issued a Certificate, and is capable of using, and is authorized to use, the private key that corresponds to the public key listed in the Certificate at issue.

"Symantec Trust Network" or "STN" means the Certificate-based public key infrastructure governed by the Symantec Trust Network certificate policies, which enables the worldwide deployment and use of Certificates by Company, its affiliates, their respective customers, Subscribers and Relying Parties.

3. Informed Decision. You acknowledge and agree that: (i) you have sufficient information to make an informed decision as to the extent to which you choose to rely on the information in a Certificate; (ii) your use or reliance of any Symantec Information is governed by this Agreement and you shall bear the legal consequences of your failure to comply with the obligations contained herein. YOU ARE SOLELY RESPONSIBLE FOR DECIDING WHETHER OR NOT TO RELY ON THE INFORMATION IN A CERTIFICATE.

4. Certificates. Company offers three distinct classes of certificate services, with each class providing specific functionality and security features corresponding to a specific level of trust within the VTN:

    (i) Class 1 Certificates. Class 1 Certificates offer the lowest level of assurance and should not be used for authentication purposes or to support non-repudiation. These Certificates are issued to individuals, and authentication procedures are based on assurances that the Subscriber's distinguished name is unique within the domain of a particular CA and that a certain e-mail address is associated with a public key. These certificates do not provide proof of the identity of the Subscriber. Class 1 Certificates are appropriate for digital signatures, encryption, and access control for non-commercial or low-value transactions where proof of identity is not necessary.

    (ii) Class 2 Certificates. Class 2 Certificates offer a medium level of assurance in comparison with the other two classes. Class 2 authentication includes verification of information submitted by the Certificate Applicant against identity proofing sources. Class 2 Certificates can be used for digital signatures, encryption, and access control, including proof of identity in medium-value transactions. Under limited circumstances, Class 2 Certificates may be issued to an organizational Subscriber (rather than an individual within the organization). Such Certificates may be used for organization authentication and application signing only under the terms of the Symantec CPS.

     (iii) Class 3 Certificates. Class 3 Certificates provide the highest level of assurance within the VTN. Class 3 Certificates are issued to individuals and organizations for digital signatures, encryption, and access control, including proof of identity in high-value transactions. Class 3 individual Certificates provide assurance of the identity of the Subscriber based on the personal (physical) presence of the Subscriber to confirm his or her identity using, at a minimum, a well-recognized form of government-issued identification and one other identification credential. Class 3 organizational Certificates may be issued to devices to provide authentication; message, software, and content integrity; and confidentiality through encryption. Class 3 organizational Certificates provide assurance of the identity of the Subscriber based on a confirmation that the Subscriber organization does in fact exist, that the organization has requested the Certificate Application, and that the person submitting the Certificate Application on behalf of the Subscriber was authorized to do so. Class 3 organizational Certificates also provide assurance that the Subscriber is entitled to use the domain name listed in the Certificate Application.

5. Your Obligations. As a Relying Party, you are obligated to ensure the reasonableness of your reliance on any Symantec Information by: (i) assessing whether the use of a Certificate for any given purpose is appropriate under the circumstances; (ii) utilizing the appropriate software and/or hardware to perform digital signature verification or other cryptographic operations you wish to perform, as a condition of relying on a Certificate in connection with each such operation; and (iii) checking the status of a Certificate you wish to rely on, as well as the validity of all the Certificates in its chain.

6. Limitations on Use. YOU ARE HEREBY NOTIFIED OF THE POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING TO A PUBLIC KEY CONTAINED IN A CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED, AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL SIGNATURE. Further, Symantec Certificates are not designed, intended, or authorized for use as control equipment in hazardous circumstances or for uses requiring fail-safe performance such as the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control systems, or weapons control systems, where failure could lead directly to death, personal injury, or severe environmental damage. Class 1 Certificates shall not be used as proof of identity or as support of non-repudiation of identity or authority. Company, its CAs, and RAs are not responsible for assessing the appropriateness of the use of a Certificate.

7. Compromise of VTN Security. You shall not monitor, interfere with, or reverse engineer the technical implementation of the VTN or otherwise intentionally compromise the security of the VTN (unless you cannot be prohibited from so doing under applicable law), except upon prior written approval from Company.

8. Company Warranties. Company warrants to Relying Parties who reasonably rely on a Certificate that: (i) all information in the Certificate, except for Non-verified Subscriber Information, is accurate as of the date of Certificate issuance; (ii) Certificates appearing in the Repository have been issued to the individual, organization, or device named in the Certificate as the Subscriber; and (iii) the Certificate was issued in substantial compliance with the Symantec CPS.

9. Disclaimers of Warranties. EXCEPT FOR THE EXPRESS LIMITED WARRANTIES CONTAINED IN SECTION 8, COMPANY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SATISFACTION OF CUSTOMER REQUIREMENTS, NON-INFRINGEMENT, AND ANY WARRANTY ARISING OUT OF A COURSE OF PERFORMANCE, DEALING OR TRADE USAGE. TO THE EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN REPRESENTATIONS, WARRANTIES OR GUARANTEES, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

10. Indemnity. You agree to indemnify, defend and hold harmless Company, any non- Symantec CA or RA, and any of their respective directors, shareholders, officers, agents, employees, successors and assigns from any and all third party claims, suits, proceedings, judgments, damages, and costs (including reasonable attorney's fees and expenses) arising from: (i) your failure to perform the obligations of a Relying Party in accordance with this Agreement, (ii) your reliance on a Certificate that is not reasonable under the circumstances, or (iii) your failure to check the status of a Certificate to determine if the Certificate is expired or revoked. Company shall promptly notify you of any such claim, and you shall bear full responsibility for the defense of such claim (including any settlements); provided however, that: (a) you keep Company informed of, and consult with Company in connection with the progress of such litigation or settlement; (b) you shall not have any right, without Company’s written consent, which consent shall not be unreasonably withheld, to settle any such claim if such settlement arises from or is part of any criminal action, suit or proceeding or contains a stipulation to or admission or acknowledgement of, any liability or wrongdoing (whether in contract, tort, or otherwise) on the part of Company, or requires any specific performance or non-pecuniary remedy by Company; and (c) Company shall have the right to participate in the defense of a claim with counsel of its choice at its own expense. The terms of this Section 10 will survive any termination of this Agreement.

11. Limitations of Liability.

11.1 THIS SECTION 11 APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE AND/OR STRICT LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.

11.2 IF YOU INITIATE ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING RELATING TO THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, COMPANY SHALL NOT BE LIABLE FOR: (I) ANY LOSS OF PROFIT, BUSINESS, CONTRACTS, REVENUE OR ANTICIPATED SAVINGS, OR (II) ANY INDIRECT OR CONSEQUENTIAL LOSS.

11.3 COMPANY'S TOTAL LIABILITY FOR ALL DAMAGES SUSTAINED BY ALL RELYING PARTIES CONCERNING A SPECIFIC CERTIFICATE (OTHER THAN AN EXTENDED VALIDATION CERTIFICATE) SHALL BE DETERMINED ACCORDING TO THE CLASS OF THE CERTIFICATE RELIED UPON AND LIMITED, IN THE AGGREGATE, TO THE AMOUNT SET FORTH BELOW.

Class
Liability Cap
Class 1 One Hundred U.S. Dollars (US $100.00) (or the local currency equivalent thereof)
Class 2 Five Thousand U.S. Dollars (US $5,000.00) (or the local currency equivalent thereof)
Class 3 One Hundred Thousand U.S. Dollars (US $100,000.00) (or the local currency equivalent thereof)

THE LIABILITY LIMITATIONS PROVIDED IN THIS SUBSECTION 11.3 SHALL BE THE SAME REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS, OR CLAIMS RELATED TO SUCH CERTIFICATE.

11.4 THIS SUBSECTION 11.4 APPLIES TO SYMANTEC SSL CERTIFICATES WITH EXTENDED VALIDATION ONLY: IF COMPANY FAILED TO ISSUE THE EXTENDED VALIDATION CERTIFICATE IN COMPLETE COMPLIANCE WITH THE EXTENDED VALIDATION GUIDELINES, THEN COMPANY’S LIABILITY FOR LEGALLY RECOGNIZED AND PROVEN CLAIMS SHALL BE LIMITED TO USD$2000 PER RELYING PARTY PER CERTIFICATE.

11.5 NOTWITHSTANDING THE FOREGOING, COMPANY’S LIABILITY SHALL NOT BE LIMITED UNDER THIS SECTION 11 IN CASES OF PERSONAL INJURY OR DEATH ARISING FROM COMPANY’S NEGLIGENCE OR TO ANY OTHER LABILITY WHICH CANNOT BE EXCLUDED BY APPLICABLE LAW (INCLUDING MANDATORY LAWS OF ANY APPLICABLE JURISDICTION). TO THE EXTENT JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN LIABILITY LIMITATIONS, SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU.

12. Force Majeure. Neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder (excluding payment obligations) due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed terrorism, armed conflict, labor strike, lockout, boycott or other similar events beyond the reasonable control of such party, provided that the party relying upon this Section 12: (i) gives prompt written notice thereof; (ii) takes all steps reasonably necessary to mitigate the effects of the force majeure event; provided further, that in the event a force majeure event extends for a period in excess of thirty (30) days in the aggregate, either party may immediately terminate this Agreement upon written notice.

13. Severability. If any provision of this Agreement should be found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained shall not, in any way, be affected or impaired thereby.

14. Governing Law. This Agreement and any disputes relating to the services provided hereunder shall be governed and interpreted according to each of the following laws, respectively, without regard to its conflicts of law provisions: (a) the laws of the State of California, if you are located in North America or Latin America; or (b) the law of England, if you are located in Europe, Middle East or Africa; or (c) the laws of Singapore, if you are located in Asia Pacific including Japan. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

15. Dispute Resolution. To the extent permitted by law, before you file suit or initiate an administrative claim with respect to a dispute involving any aspect of this Agreement, you shall notify Company, and any other party to the dispute for the purpose of seeking business resolution. Both you and Licensor shall make good faith efforts to resolve such dispute via business discussions. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may proceed as permitted under applicable law as specified under this Agreement.

16. Non-Assignment. Except as stated otherwise, your rights under this Agreement are not assignable or transferable. Any attempt by your creditors to obtain an interest in your rights herein, whether by attachment, levy, garnishment or otherwise, renders this Agreement voidable at Company's option.

17. Notices. You will make all notices, demands or requests to Company with respect to this Agreement in writing to the "Contact" address listed on the website from where you purchased your Certificate, with a copy to: General Counsel – Legal Department, Symantec Corporation, 350 Ellis Street, Mountain View, California, USA 94043. References to telephone numbers above shall mean 1-650-527-8000.

18. Entire Agreement. This Agreement constitutes the entire understanding and agreement between Company and you with respect to the transactions contemplated, and supersedes any and all prior or contemporaneous oral or written representation, understanding, agreement or communication relating thereto.

Symantec Relying Party Agreement Version 5.0 (April 2012)