SSL Certificate Service Relying Party Agreement
Starfield Technologies, Inc.
SSL Certificate Service Relying Party Agreement
This Starfield Technologies, Inc. SSL Certificate Service Relying Party Agreement ("Agreement") is by and between Starfield Technologies, Inc., an Arizona Corporation, its resellers ("Starfield") and You, Your heirs, agents, successors and assigns ("You"), and is made effective upon the earlier of 1) Your submission of a query to Starfield to search for a Certificate, 2) Your validation or attempted validation of a digital signature using a Starfield Certificate, or 3) Your use of any information in Starfield’s Certificate Revocation List (“CRL”). This Agreement sets forth the terms and conditions of Your use of Starfield's Certificate Services and represents the entire agreement between You and Starfield. Starfield’s Certificate Services are governed by Starfield’s Certification Practice Statement (“CPS"), which may be amended from time to time. The latest CPS may be found at http://www.starfieldtech.com/repository.
I. Definitions.
The following terms shall be defined in this Agreement as follows:
“CAs” or “Certification Authorities”, are entities such as Starfield that are authorized to create, sign, distribute, and revoke certificates. They are also responsible for distributing certificate status information and providing a repository where certificates and certificate status information is stored.
“Compromise” means a loss, theft, disclosure, modification, unauthorized use, or other breach of security related to a Private Key.
“Private Key” means a confidential encrypted electronic data file that interfaces with a Public Key using the same encryption algorithm, in order to verify Digital Signatures and encrypt files or messages.
“Public Key” means an encrypted electronic data file that is publicly available for interfacing with a Private Key.
“RAs” or “Registration Authorities”, are the Subordinate Certification Authorities that are under the control of Starfield.
“Relying Party” means an individual or entity that acts in reliance on a Certificate or digital signature associated with a Certificate.
“Repository” means the section of Starfield’s website which contains information related to PKI, including the CPS, any related agreements, and CRLs.
“Subscriber” means the individual or entity that has been issued a Certificate and is authorized to use the Private Key that corresponds to the Public Key in the Certificate.
“Starfield CPS” means the Starfield Certificate Practice Statement, which defines and describes how the Starfield PKI and its Certificates work.
“Starfield PKI” means the Starfield Public Key Infrastructure that provides Certificates for individuals and entities.
“Starfield PKI Site Seal” means a graphic image that a web site displays to show that transactions on that web site are secured by the Certificate Service.
II. The Certificate Service and Your Obligations as a Relying Party.
You shall:
(a) confirm the validity of Subscriber Public Key Certificates by using the applicable CRL;
(b) verify that the Subscriber possesses the asymmetric Private Key corresponding to the Public Key Certificate (e.g., through digital signature verification); and
(c) use the Public Key in the Subscriber’s Certificate in compliance with this Agreement and the CPS.
III. Use Restrictions.
You are prohibited from:
(a) using the Certificate Service on behalf of any other entity;
(b) copying or decompiling (except where such decompilation is permitted by Section 50B of the Copyright, Designs, and Patent Act of 1988), enhancing, adapting, or modifying a Certificate(s), Private Key(s) or Public Key(s); or
(c) interfering with the Starfield PKI and/or compromising its security.
IV. Starfield Representations and Warranties.
Starfield warrants and represents that, to the best of its knowledge:
(a) there are no material misrepresentations of fact in the Certificate;
(b) there are no informational errors in the Certificate introduced by the entities that approved the Certificate Application or issued the Certificate as a result of failing to exercise reasonable care in managing the Certificate Application or creating the Certificate;
(c) it is providing the Certificate Service with reasonable skill and care; and
(d) the Certificate, revocation services, and Starfield’s use of a repository comply in all material respects with the Starfield CPS.
V. Relying Party Warranties and Representations.
You warrant and represent that:
(a) the Certificate is being used lawfully by You and with authorization;
(b) You are using the Certificate in a Relying Party capacity;
(c) You disclaim any fiduciary relationship between Starfield and any non-Starfield Certification Authorities, and between You and any Subscriber; and
(d) You understand that a Starfield Subscriber is solely responsible for the generation and security of the Private Key corresponding to the Public Key contained in the Subscriber’s
Certificate, and that the Subscriber may have failed to keep the Certificate secure and if so, the Private Key may have become compromised.
VI. Disclaimers of Warranties.
STARFIELD, ITS CAS, ITS RESELLERS, CO-MARKETERS, SUBCONTRACTORS, DISTRIBUTORS, AGENTS, SUPPLIERS, AND EMPLOYEES MAKE NO REPRESENTATIONS AND EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND UNLESS STATED OTHERWISE WITHIN THE STARFIELD PKI AGREEMENTS, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, TITLE, SATISFACTORY TITLE, AND ALSO INCLUDING WARRANTIES THAT ARE STATUTORY OR BY USAGE OF TRADE. STARFIELD MAKES NO WARRANTY THAT ITS SERVICE(S) WILL MEET ANY EXPECTATIONS, OR THAT THE SERVICE(S) WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR FREE, OR THAT DEFECTS WILL BE CORRECTED. STARFIELD MAKES NO WARRANTIES THAT ANY WEB SITE CONTAINING THE STARFIELD PKI SITE SEAL IS IN COMPLIANCE WITH STARFIELD’S PKI STANDARDS. STARFIELD DOES NOT WARRANT, NOR MAKE ANY REPRESENTATIONS REGARDING THE USE, OR RESULTS OF, ANY OF THE SERVICES WE PROVIDE, IN TERMS OF THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE.
VII. Indemnity.
You shall indemnify and hold harmless Starfield, any non-Starfield Certificate Authorities associated with Starfield PKI, and Starfield’s contractors, agents, employees, officers, directors, shareholders, affiliates and assigns from and against any claims, liabilities, damages, costs and expenses, including reasonable attorney’s fees, court costs, and experts fees, of third parties relating to or arising out of use or reliance by You on any Starfield Certificate or any service provided in respect to Starfield Certificates, including (i) improper, illegal, or unauthorized use of a Certificate, (ii) using a Certificate that is unreliable, expired, revoked, or unvalidated, (iii) failing to perform Your duties as a Relying Party (iv) relying on a Certificate that is not reasonable under the circumstances, or (v) failing to check the status of a Certificate to determine if it is expired or revoked. You agree to notify Starfield of any such claim promptly in writing and to allow Starfield to control the proceedings. You agree to cooperate fully with Starfield during such proceedings. You shall defend and settle at Your sole expense all proceedings arising out of the foregoing.
VIII. Limitation of Liability.
STARFIELD SHALL NOT BE LIABLE FOR ANY LOSS OF CERTIFICATE SERVICES DUE TO (1) WAR, NATURAL DISASTERS OR OTHER UNCONTROLLABLE FORCES; (2) AN INTERRUPTION THAT OCCURS BETWEEN THE TIME A CERTIFICATE IS REVOKED AND THE NEXT SCHEDULED ISSUANCE OF A CERTIFICATE, (3) ARISING FROM THE NEGLIGENT OR FRAUDULENT USE OF CERTIFICATES ISSUED BY STARFIELD, (4) DISCLOSURE OF PERSONAL INFORMATION CONTAINED
WITHIN CERTIFICATES, (5) FAILURE BY A SUBSCRIBER TO GENERATE OR MAINTAIN A SECURE AND CRYPTOGRAPHICALLY SOUND KEY PAIR, OR (6) IF SUCH PRIVATE KEY IS COMPROMISED. STARFIELD SHALL NOT BE LIABLE FOR THE ACTIONS OF ANY WEB SITE DISPLAYING THE STARFIELD PKI SITE SEAL.
THE TOTAL CUMULATIVE LIABILITY OF STARFIELD, ANY INDEPENDENT THIRD-PARTY REGISTRATION AUTHORITY OPERATING UNDER A STARFIELD CA, ANY RESELLERS, OR CO-MARKETERS, OR ANY SUBCONTRACTORS, DISTRIBUTORS, AGENTS, SUPPLIERS, EMPLOYEES, OR DIRECTORS OF ANY OF THE FOREGOING TO ANY APPLICANT, SUBSCRIBER, RELYING PARTY OR ANY OTHER PERSON, ENTITY, OR ORGANIZATION ARISING OUT OF OR RELATING TO ANY STARFIELD CERTIFICATE OR ANY SERVICES PROVIDED IN RESPECT TO STARFIELD CERTIFICATES, INCLUDING ANY USE OR RELIANCE ON ANY STARFIELD CERTIFICATE, SHALL NOT EXCEED ONE THOUSAND UNITED STATES DOLLARS ($1000.00 U.S.) ("CUMULATIVE DAMAGE LIMIT"). THIS LIMITATION SHALL APPLY PER STARFIELD CERTIFICATE REGARDLESS OF THE NUMBER OF TRANSACTIONS OR CAUSES OF ACTION ARISING OUT OF OR RELATED TO SUCH STARFIELD CERTIFICATE OR ANY SERVICES PROVIDED IN RESPECT TO SUCH STARFIELD CERTIFICATE. THE FOREGOING LIMITATIONS SHALL APPLY TO ANY LIABILITY WHETHER BASED IN CONTRACT (INCLUDING FUNDAMENTAL BREACH), TORT (INCLUDING NEGLIGENCE), LEGISLATION OR ANY OTHER THEORY OF LIABILITY, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, STATUTORY, PUNITIVE, EXEMPLARY, CONSEQUENTIAL, RELIANCE, OR INCIDENTAL DAMAGES.
IX. Modifications.
You agree that Starfield may modify this Agreement and the terms of the Certificate Service from time to time. Any such revisions shall be binding and effective immediately upon posting the revised Agreement on the Starfield website. By continuing to use Starfield’s Certificate Service after there has been a revision to this Agreement or the Service, You agree to be bound by such revision.
X. Force Majeure.
Neither party shall be in default or otherwise liable for any delay in or failure of its performance under this Agreement if such delay or failure arises by any reason beyond its reasonable control, including any act of God, any acts of the common enemy, the elements, earthquakes, floods, fires, epidemics, riots, failures or delay in transportation or communications, or any act or failure to act by the other party or such other party's employees, agents or contractors; provided, however, that lack of funds shall not be deemed to be a reason beyond a party's reasonable control. The parties will promptly inform and consult with each other as to any of the above causes which in their judgment may or could be the cause of a delay in the performance of this Agreement.
XI. Severability and Entire Agreement.
You agree that the terms of this Agreement are severable. If any part of this Agreement is determined to be unenforceable or invalid, that part of the agreement will be interpreted in accordance with applicable law as closely as possible, in line with the original intention of both parties of the Agreement. The remaining terms and conditions of the agreement will remain in full force and effect.
You agree that this Agreement including the policies it refers to (i.e. the CPS, etc.) constitute the complete and only agreement between You and Starfield regarding the Certificate Service contemplated herein. If any of the provisions of the related polices are held to be invalid or unenforceable by an arbitrator or court of competent jurisdiction, the validity of the other provisions of this Agreement and related policies shall not in any way be affected or impaired thereby.
XII. Venue; Waiver of Trial by Jury.
THIS AGREEMENT SHALL BE DEEMED ENTERED INTO IN THE STATE OF ARIZONA, REGARDLESS OF CONTRACT OR OTHER CHOICE OF LAW PROVISIONS. THE LAWS AND JUDICIAL DECISIONS OF MARICOPA COUNTY, ARIZONA, SHALL BE USED TO DETERMINE THE VALIDITY, CONSTRUCTION, INTERPRETATION AND LEGAL EFFECT OF THIS AGREEMENT. YOU AGREE THAT ANY ACTION RELATING TO OR ARISING OUT OF THIS AGREEMENT, SHALL BE BROUGHT IN THE COURTS OF MARICOPA COUNTY, ARIZONA. ANY APPLICABLE NATIONAL, STATE, LOCAL AND FOREIGN LAWS, RULES, REGULATIONS, ORDINANCES, DECREES, AND ORDERS INCLUDING, BUT NOT LIMITED TO, RESTRICTIONS ON EXPORTING OR IMPORTING SOFTWARE, HARDWARE, OR TECHNICAL INFORMATION SHALL APPLY TO THIS AGREEMENT. THE UNITED NATIONS CONVENTION ON CONTRACTS FOR THE INTERNATIONAL SALE OF GOODS SHALL NOT APPLY TO THIS AGREEMENT.
YOU AGREE TO WAIVE THE RIGHT TO TRIAL BY JURY IN ANY PROCEEDING THAT TAKES PLACE RELATING TO OR ARISING OUT OF THIS AGREEMENT.
XIII. Assignment.
You shall not assign or otherwise transfer the this Agreement to anyone, including any parent, subsidiaries, affiliated entities or third parties, or as part of the sale of any portion of its business, or pursuant to any merger, consolidation or reorganization, without Starfield's prior written consent.
XIV. Waiver.
The waiver or failure of either party to exercise in any respect any right provided for in this Agreement shall not be deemed a waiver of any further right under this Agreement.
XV. Survival.
Parts III, VI, VII, VIII, X, XI, XII, XIII, and XV shall survive the termination of this Agreement.
XVI. Notices.
Any notice, demand, or request pertaining to this Agreement or related agreements, (i.e., the CPS) shall be communicated either using email or in writing. Electronic communications from You to Starfield shall be effective when received by the intended recipient at Starfield, and written communications shall be effective five days after mailing or upon receipt, whichever is sooner. Notice from Starfield to You shall be deemed binding and effective thirty (30) days after posting the revised Agreement on the Starfield website, or when You receive the notice in writing from Starfield, whichever comes first.
Notices from You to Starfield shall be made either by email, sent to the address we provide on our web site, or first class mail to our address at:
Starfield PKI C/O Starfield Technologies, Inc., 14455 North Hayden Rd., Suite 219,
Scottsdale, AZ 85260 practices@starfieldtech.com
Copyright © Starfield Technologies, Inc. 2004 All Rights Reserved.