|
 |
VeriSign PKI Disclosure Statement
Version 1
- CA contact info: VeriSign, Inc., 487 East Middlefield Road, Mountain View, CA 94043, USA E-Mail: ca-support@verisign.com, Web:
<http://www.verisign.com>, Tel: 650-961-7500, Fax: 650-961-7300.
- Certificate type, validation procedures, and usages: The VeriSign Trust Network (VTN) is a PKI that accommodates a large, public community of users. Applications include digitally signing and authenticating identities and other attributes for e-mail, web forms, web sites, and encrypting/decrypting information.
- VeriSign Class 1 Individual Certificates modestly enhances the security of some of these applications by assuring that a certificate's subject and e-mail address are included unambiguously within VeriSign's repository. Class 1 Certificates provide assurances that communications originate from a particular source. Class 1 Certificates do not provide proof of identity.
- VeriSign Class 2 Individual Certificates provide a reasonable level, but not fool-proof assurance, of a subscriber's identity. Enterprise customers using Managed PKI validate certificate applicants by checking certificate applicants' identities against enterprise business records or databases. Identities may also be authenticated by comparing certificate applications to records kept by third parties such as credit bureaus.
- VeriSign Class 3 Individual Certificates provides validation of identity via in-person presentation of identification credentials or other enhanced procedures. These certificates are typically suitable for applications such as electronic banking and contracting. VeriSign Class 3 Certificates provide a higher level of assurance of a subcriber's identity. See <http://www.verisign.com/repository/CPS>.
- VeriSign Class 3 Oganizational Certificates provide assurances to an entity trying to authenticate an organization, such as an organization having a Website. Validation of certificate applicants includes comparision of certificate application information to information in third-party business databases or official records provided by the applicant, supplemented by independent contacts with the organization.
- Reliance limits: VeriSign does not set reliance limits for Class 1, 2, and 3 certificates. Reliance limits may be set by applicable law or by agreement. See Limitation of Liability, below.
- Obligations of subscribers: Subscribers must provide accurate information on their certificate applications, review the certificate to establish its accuracy before using it, reasonably protect their private keys from theft and unauthorized use by or disclosure to others, and notify VeriSign upon suspected private key compromise. WARNING: If a subscriber's private key is compromised, unauthorized persons could decrypt or sign messages with the key and commit the subscriber to unauthorized obligations. See <http://www.verisign.com/repository/PrivateKey_FAQ>.
- Certificate status checking obligations of relying parties: A relying party may justifiably rely upon a certificate only after confirming that the certificate has not been revoked or expired at <https://digitalid.verisign.com/> and determining that such certificate provides adequate assurances for its intended use.
- Limited warranty & disclaimer/ Limitation of liability: VeriSign has a warranty program, the NetSureSM Protection Plan ("Plan").
See <http://www.verisign.com/repository/netsure/>. EXCEPT AS PROVIDED UNDER THE PLAN, VERISIGN'S SERVICES ARE PROVIDED "AS IS." VERISIGN DISCLAIMS ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS STATED IN THE PLAN, VERISIGN'S TOTAL LIABILITY TO ALL PARTIES DAMAGED BY A PARTICULAR CERTIFICATE SHALL NOT EXCEED $1000 FOR A CLASS 1 CERTIFICATE, $5,000 FOR A CLASS 2 CERTIFICATE, OR $100,000 FOR A CLASS 3 CERTIFICATE. See Section 2.2.1.3 of the VeriSign CPS <https://www.verisign.com/repository/CPS/>.
- Applicable agreements, Certification Practice Statement, Certificate Policy: Subscriber agreements: see https://www.verisign.com/repository/subscriber/index.html; Relying Party Agreements see http://www.verisign.com/repository/rpa/index.html; VeriSign CPS: see http://www.verisign.com/repository/CPS.
- Privacy policy: Personal data is not shared without subscriber consent. See <http://www.verisign.com/truste/index.html>.
- Refund policy:Unconditional refund for 30 days; thereafter, only upon breach by VeriSign. See <http://www.verisign.com/repository/refund>.
- Applicable law and dispute resolution: California: California law. US/Canadian subscribers: disputes resolved in courts within jurisdiction over Santa Clara County, CA; Non US/Canadian subscribers: arbitration via the International Chamber of Commerce <http://www.iccwbo.org>. National law may restrict cross border movement of private keys and the encryption capacity they represent.
- CA and repository licenses, trust marks, and audit: Approved as a Certification Authority in multiple states. See
<http://www.verisign.com/repository/licenses.html>; TRUSTe see <http://www.truste.org> ,
SecureSite, see <https://seal.verisign.com/splash?form_file=fdf/splash.fdf&type;=GOLD&sealid;=2&dn;=WWW.VERISIGN.COM〈=en>. Annual SAS 70 Type 2 Audit and WebTrust for CA Audit performed by KPMG LLP, see
<https://cert.webtrust.org/ViewSeal?id=304>.
Note: This VeriSign PKI Disclosure Statement is applicable to VeriSign Trust NetworkSM certificates issued through VeriSign, Inc. The practice related to certificates issued through VeriSign affiliate may vary, due to local requirements.
|
 |
|