generated from smedev/Template-for-SMEServer-Contribs-Package
79 lines
3.5 KiB
HTML
79 lines
3.5 KiB
HTML
<html>
|
||
|
||
<head>
|
||
<title>Certificate Authority Agreement</title>
|
||
</head>
|
||
|
||
<body>
|
||
|
||
<h2 align=center>Certificate Authority Agreement</h2>
|
||
<h3 align=center>Policy and Practices</h3>
|
||
|
||
<br><br>
|
||
<p>This is a statement of practices by this Digital Certificate Authority.
|
||
Your use of this Certificate Authority constitutes your and/or your agency's
|
||
understanding and full acceptance of these practices and all associated risks.
|
||
<strong>Please have an authorized person at your agency sign this document and fax it to 000-000-0000</strong>
|
||
|
||
<p>This document may not be all encompassing, and we reserve the right to modify it at any time.
|
||
|
||
<ul>
|
||
<li> The sole role of this Certificate Authority is
|
||
to provide and maintain a password protected software application for the easy
|
||
and instant creation and management of standard x.509 personal digital
|
||
certificates for e-mail encryption. We assume no responsibility for
|
||
verifying the identity of any persons other than that of the limited number of
|
||
authorized users of the software.
|
||
We accept no liability for damages resulting from the use, misuse,
|
||
or compromise of the software application or its host server.
|
||
|
||
<p><li>As an authorized user of the software, you are in effect <strong>THE</strong> Certificate Authority for your
|
||
agency. As such, you are solely
|
||
responsible for authenticating the identity of the persons for whom you obtain
|
||
certificates. We accept no
|
||
responsibility or liability for non-repudiation in any digital certificate
|
||
created by this software. You agree that
|
||
password protection to the application by authorized certificate managers,
|
||
and personal identity management by
|
||
those managers is sufficient to create a chain of trust for non-repudiation
|
||
in all digital certificates created using the software.
|
||
|
||
<p><li>No more than two(2)
|
||
users at your agency should have access to your agency's Certificate Authority
|
||
password. We should be notified
|
||
immediately, via e-mail, when the employment of any
|
||
authorized user at your agency is terminated so that a new password can be
|
||
issued.
|
||
|
||
<p><li>This Certificate
|
||
Authority software application is accessed via the Internet using standard SSL
|
||
or Secure Server encryption mechanisms.
|
||
Although steps have been taken to protect the security and availability
|
||
of the host server and application, its exposure to the Internet as well as any
|
||
presently unknown security flaws could lead to potential compromise of the
|
||
software and your certificates.
|
||
|
||
<p><li>No promise is made as
|
||
to the availability of the software in the event of hardware, software, or
|
||
telecommunications failure or maintenance.<2E>
|
||
No advanced notice will be given when the software must be temporarily
|
||
taken off line for service.
|
||
|
||
<p><li>In order to provide
|
||
software which can easily create "instant" certificates it is
|
||
necessary to store all private keys on the host server. As such, all private keys are potentially exposed
|
||
to the Internet and suffer some risk of unauthorized access. However, since all private keys <strong>ARE
|
||
ENCRYPTED</strong> using a password provided by you, they are unlikely to be usable by
|
||
any intruder.
|
||
|
||
<p><li>A publicly accessible
|
||
web page is provided for interested Internet users to download the Certificate
|
||
Authority root certificate, certificate revocation list, and search for the
|
||
e-mail addresses and public certificates of users. So as to avoid e-mail address scraping by spammers, no static
|
||
content with users' e-mail addresses is available.
|
||
|
||
</ul>
|
||
</body>
|
||
|
||
</html>
|