VERISIGNTM CPS
VERISIGN CERTIFICATION PRACTICE STATEMENT

IN SUPPORT OF VERISIGN'S PUBLIC CERTIFICATION SERVICES

CLASS 1-3 DIGITAL IDsSM /CERTIFICATES

VERSION 1.2

PROPOSED DATE: May 15, 1997

PUBLISHED DATE: May 30, 1997

VeriSign, Inc., 1350 Charleston Road, Mountain View, CA 94043 USA

COPYRIGHT ©1996, 1997 VERISIGN, INC.

ALL RIGHTS RESERVED


Ref. 009

VERISIGN CERTIFICATION PRACTICE STATEMENT

COPYRIGHT ©1996, 1997 VERISIGN, INC. ALL RIGHTS RESERVED.

ISBN 0-9653555-2-7

PRINTED IN THE UNITED STATES OF AMERICA

Without limiting the rights reserved above, and except as licensed below, no part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without prior written permission of VeriSign, Inc.

Notwithstanding the above, permission is granted to reproduce and distribute this VeriSign certification practice statement on a nonexclusive, royalty-free basis, provided that (i) the foregoing copyright notice and the beginning paragraphs are prominently displayed at the beginning of each copy, and (ii) this document is accurately reproduced in full, complete with attribution of the document to VeriSign, Inc.

Requests for any other permission to reproduce this VeriSign Certification Practice Statement (CPS) (as well as requests for copies from VeriSign) must be addressed to VeriSign, Inc., One Alewife Center, Cambridge, MA 02140 USA Attn: Practices and External Affairs. Tel: (Old telephone number removed from CPS on 9.12.2005 as it is currently in use by a different party) Fax: +1 617 661-0716 Net: practices@verisign.com.

WARNING

THE USE OF VERISIGN'S PUBLIC CERTIFICATION SERVICES ARE SUBJECT TO VARIOUS U.S. FEDERAL AND STATE CRIMINAL LAWS, WHICH MAY INCLUDE BUT ARE NOT LIMITED TO: 18 U.S.C. SECTION 1030 (COMPUTER FRAUD AND ABUSE ACT OF 1986), 18 U.S.C. SECTION 1343 (FEDERAL WIRE FRAUD ACT), 18 U.S.C. SECTION 2701 (UNLAWFUL ACCESS TO STORED COMMUNICATIONS - THE ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986), AND 18 U.S.C. SECTION 1029 (FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS).

VERISIGN RESERVES THE RIGHT TO SEEK AND ASSIST IN THE PROSECUTION OF ANY PERSON WHO ALLEGEDLY COMMITS A CRIME DIRECTLY AFFECTING VERISIGN'S PUBLIC CERTIFICATION SERVICES. VERISIGN OFFERS A REWARD OF UP TO $ 10,000.00 FOR INFORMATION LEADING TO THE ARREST AND CONVICTION OF ANYONE COMMITTING SUCH A CRIME.

QUICK SUMMARY OF IMPORTANT CPS RIGHTS AND OBLIGATIONS

PLEASE SEE THE TEXT OF THIS CPS FOR DETAILS. THIS SUMMARY IS INCOMPLETE. MANY OTHER IMPORTANT ISSUES ARE DISCUSSED IN THE CPS.

  1. This Certification Practice Statement controls the provision and use of VeriSign's public certification services [Section 1.1, Section 2.1] -- including certificate application [Section 4], application validation [Section 5], certificate issuance [Section 6], acceptance [Section 7], use [Section 8], and suspension and revocation [Section 9].
  2. You (the user) acknowledge that (i) you have been advised to receive proper training in the use of public key techniques prior to applying for a certificate and that (ii) documentation, training, and education about digital signatures, certificates, PKI, and the PCS are available from VeriSign [Section 1.6].
  3. VeriSign offers different classes of certificates [ Section 2.2]. You must decide which class(es) of certificate are right for your needs.
  4. Before submitting a certificate application [Section 4.2], you must generate a key pair [Sections 2.3.3, 4.1] and keep the private key secure from compromise in a trustworthy manner[Section 4.1.1]. Your software system should provide this functionality.
  5. You must accept [Section 7.1] a certificate before communicating it to others, or otherwise inducing their use of it. By accepting a certificate, you make certain important representations [Section 7.2].
  6. If you are the recipient of a digital signature or certificate, you are responsible for deciding whether to rely on it. Before doing so, VeriSign recommends that you check the VeriSign repository to confirm that the certificate is valid and not revoked, or suspended and then use the certificate to verify [Section 8.1] that the digital signature was created during the operational period of the certificate by the private key corresponding to the public key listed in the certificate, and that the message associated with the digital signature has not been altered.
  7. You agree to notify [Section 12.10] the applicable issuing authority upon compromise of your private key.
  8. This Certification Practice Statement provides various warranties made by VeriSign and the issuing authorities [Section 11.3]. VeriSign also has a refund policy [Section 11.1] Otherwise, warranties are disclaimed and liability is limited by VeriSign and issuing authorities [ Sections 11.2 and 11.3].
  9. The NetSureSM Protection Plan, upon its effective date, will provide enhanced warranty protection to subscribers of VeriSign-issued certificates who obtain certificates after the effective date. Relying parties can obtain the benefits of the NetsureSM Protection Plan by purchasing a certificate at VeriSign's Digital ID Center at https://digitalid.verisign.com/enroll.html. The NetSureSM Protection Plan alters the limitations of liability applicable to subscribers who obtain certificates on or after the effective date. For more information, see the NetSureSM Protection Plan at https://www.verisign.com/repository/netsure.
  10. The Certification Practice Statement contains various miscellaneous provisions [Section 12], requires compliance with applicable export regulations [Section 12.2], and prohibits infringement [Section 12.14].

For more information, see VeriSign's web site or contact customer service.

Acknowledgements

The suggestions, editorial comments, and assistance of the following people in the development and review of this VeriSign Certification Practice Statement are gratefully acknowledged:

Law

Professor Dr. Mads Bryde Andersen

University of Copenhagen, Denmark

Harold S. Burman, Esq.

U.S. State Department

Robert Daniels, Esq.

U.S. Social Security Administration

Professor Jos Dumortier

University of Leuven, Belgium

Deborah Fuerer, Esq.

Lloyd's of London

Eugene E. Hines, Esq.

American Society of Notaries

Janette M. Hoover, Esq.

Tomlinson Zisko Morosoli & Maser LLP

Toshio Kosone, Esq.

Kosone & Associates, Japan

Charles R. Merrill, Esq.

McCarter & English

Ray Nimmer, Esq.

Weil, Gotshal & Manges

Arthur F. Purcell, B.E., J.D.

U.S. Patent and Trademark Office

Ira Rubenstein, Esq.

Microsoft Corporation

John D. Ryan, Esq.

America Online, Inc.

Ruven Schwartz, Esq.

West Publishing Company

John F. Simanski Jr., Esq.

Lloyd's of London

Michiru Takahashi, Esq.

Showa Law Office, Japan

Timothy Tomlinson, Esq.

Tomlinson Zisko Morosoli & Maser LLP

Shinya Watanabe, Esq.

Showa Law Office, Japan

 

 

Engineering & Technology

 

Frank Chen

Netscape Communications Corporation

Allan Cooper

Microsoft Corporation

Steve Crocker

CyberCash, Inc.

Steve Dussé

RSA Data Security, Inc.

Taher Elgamal, Ph.D.

Netscape Communications Corporation

James M. Galvin, Ph.D.

CommerceNet

Peter Landrock, Ph.D.

Cryptomathic, Denmark

Ron Rivest, Ph.D.

Massachusetts Institute of Technology

Jeff Schiller

Massachusetts Institute of Technology

Allan Shiffman

Terisa Systems

David I. Solo

BBN, Inc.

 

 

Management & Consulting

 

Dwight Arthur

National Securities Clearing Corporation

Kaye Caldwell

Software Industry Coalition

Bruce Crabtree

Conanicut Communications

F. Jo Goodson

Goldman, Sachs & Co.

Mark Greene, Ph.D.

IBM Corporation

F. Lynn McNulty

RSA Data Security, Inc.

Michel Peereman

Belgian Federation of Chambers of Commerce

Guy Richard

La Poste, France

 

 

Audit and Business Controls

 

Eric T. Ashdown

KPMG Peat Marwick

Cris R. Castro, CISP

Ernst & Young (formerly KPMG Peat Marwick)

Kevin M. Coleman

KPMG Peat Marwick

Steven A. Dougherty

KPMG Peat Marwick

Martin Ferris

U.S. Department of the Treasury

Dwight Olsen

Data Securities International

Gary W. Riske

KPMG Peat Marwick

Professor Horton Sorkin, Ph.D.

Howard University

Stephen Spaulding

KPMG Peat Marwick

Geoffrey W. Turner

Ernst & Young (formerly KPMG Peat Marwick)

---

Additionally, the Information Security Committee, Electronic Commerce and Information Technology Division, Section of Science and Technology of the American Bar Association and its Digital Signature Guidelines initiative in the development of certain widely recognized practices are gratefully acknowledged.

Finally, the Mastercard/Visa specification of the Secure Electronic Transaction (SET) protocol is acknowledged as a source of design principles (such as hierarchy) and a protocol which this CPS seeks to accommodate.

COMMENTS AND SUGGESTIONS

Editorial comments and suggestions for future revisions of this CPS are solicited from the user community. Please send your comments to: practices@verisign.com or, to VeriSign, Inc., 1350 Charleston Road, Mountain View, CA 94043 USA Attn: Practices and External Affairs.

CPS Table of Contents

1.0 Prefatory Material
2.0 VeriSign Certification Infrastructure
3.0 Foundation For Certification Operations
4.0 Certificate Application Procedures
5.0 Validation of Certificate Applications
6.0 Issuance of Certificates
7.0 Acceptance of Certificates By Subscribers
8.0 Use of Certificates
9.0 Certificate Suspension and Revocation
10.0 Certificate Expiration
11.0 Obligations of Issuing Authorities and Verisign, and Limitations upon such Obligations
12.0 Miscellaneous Provisions
13.0 Appendix

COPYRIGHT © 1998 VERISIGN, INC.
ALL RIGHTS RESERVED
Copyright © 1998, VeriSign, Inc.
Inc.