YOU MUST READ THIS MORTGAGE BANKERS ASSOCIATION (MBA) SECURE IDENTITY SERVICES ACCREDITATION CORPORATION (SISAC) RELYING PARTY AGREEMENT ("AGREEMENT") AND CLICK “I AGREE” BELOW TO INDICATE YOUR AGREEMENT TO BE BOUND BY THE TERMS OF THIS AGREEMENT BEFORE VALIDATING AN ACCREDITED ISSUING AUTHORITY (“AIA”) DIGITAL CERTIFICATE ("CERTIFICATE"), USING AIA’S ONLINE CERTIFICATE STATUS PROTOCOL ("OCSP") SERVICES, OR OTHERWISE ACCESSING OR USING AN AIA’S DATABASE OF CERTIFICATE REVOCATIONS AND OTHER INFORMATION ("REPOSITORY") OR ANY CERTIFICATE REVOCATION LIST ISSUED BY AIA. ("CERTIFICATE REVOCATION LIST"). IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, YOU WILL NOT BE ABLE TO SUBMIT A QUERY OR DOWNLOAD, ACCESS, OR USE ANY AIA CRL BECAUSE YOU ARE NOT AUTHORIZED TO USE AIA’S REPOSITORY OR ANY AIA CRL. IN CONSIDERATION OF YOU AGREEING TO THE TERMS OF THIS RELYING PARTY AGREEMENT, YOU SHALL BE PERMITTED TO RELY ON CERTIFICATES ACCESSED BY YOU IN ACCORDANCE WITH THE TERMS OF THIS AGREEMENT. 

ARTICLE I

Definitions and Terms

1.1  "Accredited Issuing Authority" or "AIA" described in VeriSign's CP/CPS as a Certification Authority or (CA) shall mean an entity authorized to

issue, manage, revoke, and renew Certificates.

1.2 "Certificate" shall mean a digitally signed message that contains a Subscriber's public key and associates it with information authenticated by AIA or an AIA-authorized entity.

1.3 "Certificate Chain" shall mean an ordered list of Certificates starting with an AIA’s trusted root certificate and ending with an end-user Subscriber Certificate.  The Certificate Chain may optionally include intermediate certificates (i.e., CA certificates).

1.4  “Certificate Revocation List” is a data structure, digitally signed by the issuing AIA, which contains the date and time of the CRL publication, the name of the AIA, and the serial number of all the revoked certificates issued by that AIA that have not yet expired. 

1.5 "Nonverified Subscriber Information" means any information submitted by a Subscriber, and included within a Certificate, that is specifically not confirmed by the AIA or AIA-authorized entity (e.g., Registration Authority) pursuant to the terms of the AIA CP/CPS and for which the applicable AIA or AIA-authorized entity can provide no assurances other than that the information was submitted by the Subscriber.

1.6 “Online Certificate Status Protocol” or “OCSP” means a protocol for providing Relying Parties with real-time Certificate Status Information.

1.7 "Registration Authority" shall mean an entity authorized by an AIA to collect and verify Subscriber identity information in support of the Certificate application and Certificate issuance processes.  RAs may also support other certificate management processes (e.g., revocation) as authorized by the AIA CP/CPS to issue, revoke, or renew Certificates.

1.8 "Repository" shall mean a component of AIA operations whereby relying parties, Subscribers, and in some cases the general public can obtain the status of a Certificate, copies of AIA literature, including but not limited to, the AIA CP/CPS, Subscriber Agreements, and certificate revocation status information.

1.9 "Subscriber" shall mean a person who is the subject of and has been issued a Certificate.

1.10 "Subscriber Agreement" shall mean an agreement used by an AIA setting forth the terms and conditions under which an individual or organization acts as a Subscriber.

1.11 "AIA CP/CPS" shall mean, collectively, the AIA “Certificate Policy” and “Certification Practice Statement,” as amended from time to time, that govern the AIA’s operations and which may be accessed from the AIA’s Repository.

ARTICLE II

REPOSITORY; Reasonable reliance

2.1 Repository Services.  AIA will maintain the Repository in accordance with the AIA CP/CPS.  AIA will provide Relying Party with access to (i) the Repository to conduct certificate revocation status checks, either through retrieval of CRLs or use of some on-line and real-time protocol, (ii) Certificates issued by AIA to its Subscribers, and (iii) other AIA related information (e.g., AIA CP/CPS).

2.2 Reasonable Reliance. Relying Party shall be deemed to act in “Reasonable Reliance” on a Certificate presented to Relying Party by a Subscriber as set forth in this Article 2 provided that the Relying Party has:

(i) independently assessed the appropriateness of the use of a specific Certificate for any given purpose and determined that the Certificate has, in fact, been used for an appropriate purpose pursuant to the AIA CP/CPS and under circumstances where reliance would be reasonable and in good faith in light of all the circumstances that were known or should have been known to the Relying Party prior to reliance;

(ii) utilized the appropriate software and/or hardware to perform digital signature verification, including certification path validation as defined in IETF Request for Comment (RFC) 3280;

(iii) performed a certificate revocation status check with respect to such Certificate and logged the result of such status check; and

(iv) ensured that such Certificate has been issued by an AIA, and that such Certificate contains an approved policy identifier that represents a Basic, Medium, or High Certificate as defined in the SISAC CPRD.

All verification procedures and status checks must be successful for each Certificate in a Certificate Chain before Relying Party will be deemed to act with Reasonable Reliance on a Certificate.  If any Certificate in the Certificate Chain cannot be verified or has been revoked, Relying Party may not rely on the Subscriber Certificate or other Certificate in the Certificate Chain.  Relying Party bears all risk of relying on a Certificate while knowing or having reason to know of any facts that would cause a person of ordinary business prudence to refrain from relying on such Certificate.

2.3  Warranty.  AIA warrants to Relying Party (the “Warranty”) if such Relying Party acts in Reasonable Reliance on a particular Certificate:

(i) that all information in or incorporated by reference in the Certificate, except for Nonverified Subscriber Information, is accurate;

(ii) that non-revoked Certificates appearing in the Repository have been issued to the individual or organization named in the Certificate as the Subscriber, the Subscriber has accepted the Certificate, and the Certificate is valid if used for the purposes set forth in the AIA CP/CPS; and

(iii) the entities that approved and issued the Certificate have complied with the AIA CP/CPS when issuing the Certificate.

2.4 Disclaimer of Other Warranties. EXCEPT AS PROVIDED BY THE  WARRANTY, RELYING PARTY’S USE OF AIA’S SERVICE(S) IS SOLELY AT RELYING PARTY’S OWN RISK. RELYING PARTY AGREES THAT ALL SUCH SERVICES ARE PROVIDED ON AN "AS IS" AND AS AVAILABLE BASIS, EXCEPT AS OTHERWISE NOTED IN THIS AGREEMENT. AIA EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES OF ANY KIND, WHETHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.  AIA DOES NOT MAKE ANY WARRANTY THAT ITS SERVICE WILL MEET RELYING PARTY’S REQUIRMENTS, OR THAT ITS SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR FREE; NOR DOES AIA MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF ITS SERVICE OR TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED THROUGH THE SERVICE. RELYING PARTY UNDERSTANDS AND AGREES THAT ANY MATERIAL AND/OR DATA DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF AIA’S SERVICES IS DONE AT RELYING PARTY’S OWN DISCRETION AND RISK. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY RELYING PARTY FROM AIA OR THROUGH AIA’S SERVICES SHALL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN.

Relying Party acknowledges and agrees that Relying Party has access to sufficient information to ensure that Relying Party can make an informed decision as to the extent to which Relying Party will choose to rely on the information in a Certificate. Relying Party acknowledges and agrees that Relying Party’s use of the Repository, and Relying Party’s use of any AIA’s on-line certificate revocation status checking services, are governed by this Agreement and the AIA CP/CPS. RELYING PARTY IS SOLELY RESPONSIBLE FOR DECIDING WHETHER OR NOT TO RELY ON THE INFORMATION IN A CERTIFICATE. Relying Party also acknowledges and agrees that Relying Party shall bear all consequences of Relying Party’s failure to comply with the Relying Party’s obligations set forth in this Agreement or to act with Reasonable Reliance.

2.5 Verification of Identity Only.  RELYING PARTY ACKNOWLEDGES THAT CERTIFICATES PURPORT TO ESTABLISH THE IDENTITY OF THE SENDER OR SIGNER OF AN ELECTRONIC MESSAGE OR DIGITAL SIGNATURE, NOT HIS OR HER AUTHORITY TO SIGN ON BEHALF OF AN ORGANIZATION, AND THAT AIA PLAYS NO PART IN ESTABLISHING THE AUTHORITY OR ABILITY OF AN INDIVIDUAL TO BIND HIS OR HER ORGANIZATION THROUGH THE USE OF A CERTIFICATE.  RELYING PARTY WILL ESTABLISH THROUGH NORMAL BUSINESS MEANS THE AUTHORITY OF AN INDIVIDUAL SENDING OR SIGNING AN ELECTRONIC MESSAGE OR DIGITAL SIGNATURE ON BEHALF OF AN ORGANIZATION.

2.6 Fees.  Relying Party will be notified, in advance, of the fee, if any, that AIA charges to check the status of a Certificate. 

2.7 Limitations of Liability. THIS SECTION 2.7 APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.  IF RELYING PARTY INITIATES ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING RELATING TO SERVICES PROVIDED UNDER THIS AGREEMENT, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, AIA’s TOTAL LIABILITY FOR DAMAGES SUSTAINED BY RELYING PARTY AND TO WHICH THE WARRANTY APPLIES OR TO ANY THIRD PARTY FOR ANY USE OR RELIANCE ON A SPECIFIC CERTIFICATE TO WHICH THE WARRANTY APPLIES SHALL BE LIMITED, IN THE AGGREGATE, TO THE AMOUNTS SET FORTH BELOW AS APPLICABLE TO THE BELOW CERTIFICATE TYPES (AS DEFINED IN THE AIA CP/CPS).

BASIC  -  Five Thousand U.S. Dollars (US $5000.00)

MEDIUM  –  One Hundred Thousand U.S. Dollars (US $100,000.00)

HIGH  -  Not Provided at this Time

The liability limitations provided in this Section 2.7 shall be the same regardless of the number of digital signatures, transactions, or claims related to the Certificate in question. AIA SHALL NOT be obligated to pay more than the total liability limitation for each Certificate that is relied upon.  EXCEPT AS MAY BE PROVIDED IN THE  WARRANTY, NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, WHETHER THE CLAIM FOR SUCH DAMAGES IS BASED ON CONTRACT, TORT OR ANY OTHER THEORY

2.8 Protection of Private Key. RELYING PARTY IS HEREBY NOTIFIED OF THE POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING TO A PUBLIC KEY CONTAINED IN A CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED, AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL SIGNATURE TO A DOCUMENT.

2.9 Indemnification.  Relying Party hereby agrees to release, indemnify, defend and hold harmless AIA, the Mortgage Banker’s Association, their subsidiaries and affiliates, and any of their respective contractors, agents, employees, officers, directors, shareholders, and assigns from all liabilities, claims, damages, costs and expenses, including reasonable attorney's fees and expenses, of third parties relating to or arising out of (i) Relying Party’s failure to perform its obligations in accordance with this Agreement, (ii) failure to act in Reasonable Reliance on a certificate, or (iii) Relying Party’s failure to check the status of a Certificate to determine if the Certificate is expired or revoked. When a party indemnified hereunder is threatened with suit or sued by a third party for a claim indemnified hereunder, AIA may seek written assurances from Relying Party concerning the obligation to indemnify such party, and Relying Party’s failure to provide such assurances may be considered a material breach of this Agreement. A party indemnified hereunder shall have the right to participate in any defense by Relying Party of a third-party claim related to Relying Party’s use of any AIA services, with counsel of the indemnified party’s choice at its own expense. Relying Party shall have sole responsibility to defend a party indemnified hereunder against any claim indemnified hereunder, but Relying Party must receive the applicable indemnified party’s prior written consent regarding any related settlement. The terms of this Section 2.9 will survive any termination or cancellation of this Agreement.

ARTICLE III

Miscellaneous

3.1 Third Party. AIA in performing its function in accordance with this Agreement and its objectives and purposes does not assume or undertake to discharge any responsibility of the Relying Party to any other party or for compliance with applicable laws. Nothing in this Agreement shall be considered to create a partnership, joint venture or similar relationship between the parties. In the performance of all services, Relying Party is an independent contractor, with the sole right to supervise, manage, control and direct the performance of the details of such work to be performed by Relying Party.

3.2 Communications. Any notice, communication or demand given or made in reference to this Agreement shall be in writing and delivered by hand, mail or facsimile to the AIA at its address as set out in the AIA CP/CPS. . Communication shall be deemed to have been received on the fifth business day following mailing of such communication; facsimile communication or hand delivery shall be deemed to have been received when sent.

3.3 Electronic Communication. The Relying Party may wish to exchange electronic documents with AIA. The Relying Party acknowledges that electronic data exchange is imperfect. Accordingly, if there are differences between an electronic document received by the Relying Party from AIA and the document in its original form held by AIA (whether such original is electronic or otherwise), the document in its original form shall govern. AIA neither assumes nor accepts any responsibility for the unintended delay, omission or error in the electronic transmission or receipt of any communications or documents. AIA is relying fully on the accuracy and authenticity of all documents provided by the Relying Party electronically. The Relying Party takes full and exclusive responsibility in ensuring that any such documents are received by AIA as intended by the Relying Party. The Relying Party agrees to indemnify AIA, its directors, officers, employees and agents, from all liability to the Relying Party and relevant third parties, arising from the difference between an electronic document and the original thereof and/or from reliance by the Relying Party or AIA upon the electronic document.

3.4 Non-Assignability. This Agreement shall not be assigned by the Relying Party without the written consent of AIA. Any assignment prohibited hereunder shall be null and void.

3.5 Applicable Law. This Agreement shall be governed by and interpreted in accordance with the laws of the State of New York, regardless of the place of execution and without regard to New York’s conflict of law provisions. State or federal courts located in New York, N.Y. shall have exclusive jurisdiction to hear any matter or dispute arising from this Agreement.

3.6 Third Party Beneficiary. The Mortgage Bankers Association, its subsidiaries and affiliates, and their respective employees, officers, and members are specifically made third party beneficiaries of the limitations of liability applicable to the AIA and indemnity set forth hereunder.

3.7 Application of Agreement. This Agreement applies to all Certificates for which the Relying Party seeks verification by AIA.

3.8 Waiver. Neither party’s failure to enforce strict performance of any provision of this Agreement will constitute a waiver of a right to subsequently enforce such a provision. No modification, extension or waiver of this Agreement shall be valid unless made in writing and signed by an authorized representative of the party to be charged. No written waiver shall constitute, or be construed as, a waiver of any other obligation or condition of this Agreement.

3.9 Severability. If any provision of this Agreement (or any portion thereof) shall be held to be invalid, illegal or unenforceable, the validity, legality or enforceability of the remainder hereof, shall not in any way to be affected or impaired thereby.

3.10 Survival. This Agreement shall be applicable for as long as Relying Party  relies on a Certificate, use the OCSP service, access or use AIA’s Repository and in any matter of respect concerning the subject matter of this Agreement.

3.11  Headings. The headings in this Agreement are intended for convenience of reference and shall not affect its interpretation.

3.12 Force Majeure. Except for indemnity obligations hereunder, neither party shall be deemed in default hereunder, nor shall it hold the other party responsible for, any cessation, interruption or delay in the performance of its obligations hereunder due to earthquake, flood, fire, storm, natural disaster, act of God, war, armed conflict, terrorist action, labor strike, lockout, boycott or other matter outside its reasonable control, provided that the party relying upon this Section 3.12 shall (i) have given the other party written notice thereof promptly and, where reasonably possible, in any event, within five (5) days of discovery thereof and (ii) shall take all reasonable steps reasonably necessary under the circumstances to mitigate the effects of the force majeure event upon which such notice is based; provided further, that in the event a force majeure event described in this Section 3.12 extends for a period in excess of thirty (30) days in aggregate, the other party may immediately terminate this Agreement.

3.13  Entire Agreement. Each party acknowledges that it has not been induced to enter into this Agreement by any representation or warranty not set forth in this Agreement. This Agreement, all exhibits, schedules, amendments and supplements hereto contains the entire agreement of the parties with respect to its subject matter and supersedes all existing agreements and all other oral, written or other communications between them concerning its subject matter. No modification, extension or waiver of this Agreement shall be valid unless made in writing and signed by an authorized representative of the party to be charged.