Comodo Relying Party Agreement

1 Application of Terms

1.1 These terms and conditions set out in this Agreement govern the relationship between you (the "Relying Party") and Comodo CA Limited ("Comodo") with regard to the Relying Party's:

1.1.1 validation, reliance on or use of a Certificate and the information and public key contained within for the purpose of verifying a Digital Signature and decrypting a message set out in that Certificate; and

1.1.2 use of the Repository.

1.2 By accessing a Certificate, the Relying Party consents to the terms and conditions in this Agreement and is deemed to have read and understood the CPS.

2 Definitions

2.1 In this Agreement the following terms and expressions shall have the following meanings:

2.1.1 "Business Day" means Monday to Friday inclusive excluding any days on which the banks in London are closed for business (other than for trading in Euros);

2.1.2 "Certificate Chain" means the chain of Digital Certificates which may arise due to the issuing of a Digital Certificate by a Subordinate Certification Authority.

2.1.3 "CPS" means the certification practice statement released by Comodo as amended from time to time;

2.1.4 "CRL" means Comodo's certificate revocation list;

2.1.5 "Digital Certificate" means an encrypted electronic data file (conforming to the X509 version 3 ITU-T standard) issued by Comodo in order to identify a person or entity or to provide SSL encryption using a Digital Signature or entity and which contains the identity of the person authorised to use the Digital Signature and a copy of their Public Key, a serial number, a time period during which the Digital Certificate may be used and a Digital Signature issued by Comodo

2.1.6 "Digital Certificate Subscriber Agreement" means the agreement entered into between Comodo and the Subscriber for the provision of a Digital Certificate;

2.1.7 "Digital Signature" means an encrypted electronic data file which is attached to or logically associated with other electronic data and which identifies and is uniquely linked to the signatory of the electronic data, is created using means that the signatory can maintain under its sole control and is linked in a way so as to make any subsequent changes that have been made to the electronic data detectable;

2.1.8 "Force Majeure Event" means any circumstances beyond the reasonable control of Comodo including without prejudice to the generality of the foregoing any natural disaster, act or regulation of any governmental or supra-national authority, lack or shortage of materials supplied by a third party (other than where such circumstances arise due to lack of reasonable planning), war or natural emergency, accident, epidemic, fire or riot;

2.1.9 "Prescribed Details" means the following details:

(a) indication that Digital Certificate is issued as a "qualified certificate";

(b) Comodo's name and state of establishment;

(c) name of Subscriber or Subscriber's pseudonym (to be identified as such);

(d) provision for inclusion of a specific attribute of Subscriber, if relevant and depending on purpose of Certificate;

(e) Public Key corresponding to the Private Key under the control of the Subscriber;

(f) indication of the beginning and end period of validity of the Digital Certificate;

(g) identity code of the Digital Certificate;

(h) Comodo's Digital Signature;

(i) limitations on the scope of use of the Certificate, if any; and

(j) limitations on the value of transactions for which the Certificate can be used, if any.

2.1.10 "Private Key" means a confidential encrypted electronic data file designed to interface with a Public Key using the same encryption algorithm and which may be used to create Digital Signatures, encrypt and decrypt files or messages and provide proof of identities to access secure websites;

2.1.11 "Public Key" means a publicly available encrypted electronic data file designed to interface with a Private Key using the same encryption algorithm and which may be used to verify Digital Signatures, encrypt and decrypt files or messages and verify identities to access secure websites;

2.1.12 "Repository" means a publicly available collection of databases for storing and retrieving Digital Certificates and other information relating to Digital Certificates and which may be accessed via Comodo's website;

2.1.13 "Subscriber" means a person who is issued a Digital Certificate signed by Comodo and who has entered into a Digital Certificate Subscription Agreement;

2.1.14 "Subordinate Certification Authority" means Comodo or any third party appointed by Comodo to act as a certification authority;

2.1.15 "IdAuthority Service" means the service provided by Comodo pursuant to this Agreement and utilising any IdAuthority enabled software which is used to verify and retrieve IdAuthority Certificates and display certain information from the IdAuthority Certificates on the IdAuthority Enabled Applications;

2.1.16 "IdAuthority Enabled Applications" means software and services developed by Comodo or third party software vendors for use with the IdAuthority Service.

2.1.16 "TrustToolbar Software" means the software program designed by Comodo for use with the IdAuthority Service and supplied by Comodo to end users pursuant to the TrustToolbar End-User Software Licence Agreement;

2.1.17 "TrustToolbar End-User Software Licence Agreement" means the agreement for the use of the TrustToolbar Software that may be attached or electronically linked to this Agreement;

2.1.16 "E-Sigil Software" means the software program designed by Comodo for use with the IdAuthority Service and supplied by Comodo to end users pursuant to the E-Sigil End-User Software Licence Agreement;

2.1.17 "E-Sigil End-User Software Licence Agreement" means the agreement for the use of the E-Sigil Software that may be attached or electronically linked to this Agreement;

2.1.18 "TrustLogo Service" means the service designed by Comodo for use with the IdAuthority Service;

2.1.19 “VEngine Service” means the software program designed by Comodo for use with the IdAuthority Service and Content Verification Certificates supplied by Comodo to end users pursuant to the VEngine End User Software License Agreement;

2.2.20 “VEngine End User Software License Agreement” means the arrangement for the use of the VEngine Software that may be attached or electronically linked to this Agreement;

2.2 In this Agreement unless otherwise specified;

2.2.1 references to clauses and schedules are to clauses of, and schedules to, this Agreement;

2.2.2 use of any gender includes the other genders;

2.2.3 references to a "person" shall be construed so as to include any individual, firm, company or other body corporate, government, state or agency of a state, local or municipal authority or government body or any joint venture, association, partnership or limited partnership (whether or not having separate legal personality);

2.2.4 a reference to any statute or statutory provision or regulations shall be construed as a reference to the same as it may have been, or may from time to time be, amended, modified or re-enacted;

2.2.5 any reference to a "day" (including within the phrase "Business Day") shall mean a period of 24 hours from midnight to midnight;

2.2.6 subject to clause 16, references to "indemnifying" any person against any circumstance include indemnifying and keeping him harmless from all actions, claims and proceedings from time to time made against him and all loss, damage, payments, cost or expenses suffered made or incurred by him as a consequence of that circumstance;

2.2.7 a reference to any other document referred to in this Agreement is a reference to that other document as amended, varied, novated or supplemented (other than in breach of the provisions of this Agreement) at any time;

2.2.8 headings and titles are for convenience only and do not affect the interpretation of this Agreement;

2.2.9 general words introduced by the word "other" shall not be given a restrictive meaning by reason of the fact that they are preceded by words indicating a particular class of acts, matters or things; and

2.2.10 references to "$" are to US Dollars and reference to any amount in such currency shall be deemed to include reference to an equivalent amount in any other currency.

3 Relying Party Obligations

3.1 In consideration of being permitted access to and use of the Repository and access to, use of and reliance on, a Digital Certificate, the IdAuthority Service or the VEngine Service the Relying Party agrees to do the following prior to relying upon a Digital Certificate:

3.1.1 where the Digital Certificate is issued by a third party, verify the Certificate Chain to ensure that the third party is a Subordinate Certification Authority and that the Digital Certificate was issued in accordance with the policies set out in the CPS;

3.1.2 check the CRL to ensure that the Digital Certificate is valid and operational; and

3.1.3 take any other steps which would be reasonable for the Relying Party to take in the given circumstances.

3.2 The Relying Party agrees not to use the Digital Certificate for any purpose other than the purpose set out in the relevant section of the CPS for that particular class and type of Digital Certificate and to comply with the policies and procedures set out in the CPS.

4 Comodo Obligations

4.1 Comodo agrees to :

4.1.1 update the CRL by registering all revocations of Digital Certificates used for SSL which have been made by Comodo or notified to Comodo by a Subscriber within the 34 hours immediately preceding the time of update in the CRL; and

4.1.2 amend in real-time the IdAuthority records by registering all revocations of Digital Certificates used for TrustLogo, TrustToolbar, E-Sigil and VEngine which have been made by Comodo or notified to Comodo by a Subscriber

4.1.2 validate information provided by each Subscriber on the Comodo enrolment form prior to issuing a Certificate containing that information using the methods set out in the table at Section titled "Validation of Certificate Applications" of the CPS.

5 Relying Party Acknowledgements

5.1 The Relying Party acknowledges that:

5.1.1 the CRL is updated by Comodo and therefore does not contain a real time record of all SSL Digital Certificate revocations.

5.1.2 the IdAuthority is updated by Comodo in real-time and provides immediate TrustLogo, TrustToolbar, E-Sigil and VEngine Certificate revocation

5.1.3 the security or integrity of a Private key which corresponds to a Public key contained in a Digital Certificate may be compromised due to an act or omission of a third party which has not been authorised by Comodo and agrees that Comodo shall not be liable to the Relying Party for any losses suffered by the Relying Party as a result of such compromise;

5.1.4 Comodo relies upon authorisation records, government records, third party business databases and domain name services to validate information contained in Digital Certificates and agrees that Comodo shall not be liable for loss suffered by the Relying Party as a result of inaccuracies or deficiencies contained in those records or databases or inaccurate information supplied by providers of domain name services or any other third party; and

5.1.5 Comodo performs differing degrees of validation of information in Digital Certificates depending on the level of warranty attached to the Digital Certificate and its intended use and agrees to take these factors into consideration when deciding whether or not to rely on a Digital Certificate.

6 Amendments to the CPS

Comodo reserves the right to amend any section of the CPS at any time without prior notice to the Relying Party, including without limitation, the section of the CPS that sets all the validation procedures for Digital Certificates.

7 Repository

The Repository is made on as "as is" and "as available" basis over publicly accessible networks and Comodo cannot be responsible for any failures in such network that may cause the Repository to be unavailable. Comodo excludes any warranty as to the availability of the Repository and reserves the right to exclude access to or close the Repository without notice at any time.

8 Exclusion of Warranties

Save as expressly provided under this Agreement all other warranties either expressed or implied are hereby excluded to the fullest extent permissible by law.

9 Termination

9.1 This Agreement shall commence on the date hereof and shall continue in force until terminated by Comodo in accordance with the provisions of clause 9.2 below.

9.2 Comodo may terminate this Agreement for convenience at any time and for any reason and will notify the Relying Party of such termination in accordance with Clause 14 of this Agreement.

10 Consequences of Termination

10.1 If this Agreement is terminated by Comodo in accordance with clause 9 above, the Relying Party shall not, from the date of such termination:

10.1.1 use or access the Repository; or

10.1.2 use, access or rely on a Digital Certificate or any Service provided by Comodo, and Comodo's obligations under this Agreement shall cease.

11 Limitation of Liability

11.1 Nothing in this Agreement shall exclude or limit either party's liability:

11.1.1 for death or personal injury resulting from the negligence of such party or its directors, officers, employees, contractors or agents (if any); or

11.1.2 in respect of fraud or of any statements made fraudulently by such party.

11.2 Subject to clause 11.1, Comodo shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Comodo shall be liable to the Relying Party in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Comodo's maximum liability to the Relying Party for SSL Certificates shall be limited to

11.2.1 $0.01 for a TrialSSL Certificate, and

11.2.2 $50 for an InstantSSL Certificate, and

11.2.3 $2500 for an InstantSSL Pro Certificate, and

11.2.4 $10,000 for a PremiumSSL Certificate and PremiumSSL Wildcard Certificate, and

11.3 Subject to clause 11.1, Comodo shall not be liable to the Relying Party whether in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise for any loss of profit, loss of revenue, loss of anticipated savings, loss or corruption of data, loss of contract or opportunity or loss of goodwill whether that loss is direct, indirect or consequential and if Comodo shall be liable to the Relying Party in contract (including under any indemnity or warranty), in tort (including negligence), under statute or otherwise, Comodo's maximum liability to the Relying Party for IdAuthority and TrustLogo shall be limited to

11.3.1 $0.01 for an IdAuthority Express Credentials, and

11.3.2 Warranty levels for TrustLogo product types are displayed within the TrustLogo credentials popup windows accessed through the user's browser by hovering the mouse over, or clicking the TrustLogo

11.4 The Relying Party acknowledges that limitations on the use of the Certificate and limitations on the value of transactions for which the Certificate can be used are set out in each Certificate and agrees that Comodo shall not be liable for any loss incurred (subject to clause 11.1 above) by the Relying Party from use of the Certificate which exceeds these limitations.

11.5 The parties acknowledge and agree that the limited warranty and limited liability set forth in this clause 8 are fundamental terms of this Agreement and are fair and reasonable having regard to the relationship between the parties and the benefits received by the Relying Party and obligations imposed on Comodo under this Agreement.

12 Force Majeure

Comodo shall not be liable for any breach of its obligations under this Agreement resulting from a Force Majeure Event.

13 Waiver

The waiver by either party of a breach or default of any of the provisions of this Agreement by the other party shall not be construed as a waiver of any succeeding breach of the same or other provisions nor shall any delay or omission on the part of either party to exercise or avail itself of any right power or privilege that it has or may have hereunder operate as a waiver of any breach or default by the other party.

14 Notices

14.1 Notices to Comodo

Any notice, request, instruction or other document to be given to Comodo under this Agreement shall be delivered or sent by first class post or by facsimile transmission (such facsimile transmission notice to be confirmed by letter posted within 12 hours) to the address or to the facsimile number of Comodo set out in this Agreement (or such other address or numbers as may have been notified to the Relying Party in writing) and any such notice or other document shall be deemed to have been served (if delivered) at the time of delivery (if sent by post) upon the expiration of 48 hours after posting or (if sent by facsimile transmission) upon the expiration of 12 hours after dispatch. The address for Comodo CA Limited is New Court, Regents Place, Regent Road, Manchester M5 4HB United Kingdom, Tel: +44 (0) 161 874 7070, Fax: +44 (0) 161 877 1767 to be marked for the attention of The Digital Certificate Subscriber Agreement Administrator.

14.2 Notices to Relying Party

Any notice, request, instruction or other document to be given to the Relying Party under this Agreement shall be posted on Comodo's website, situated at www.comodogroup.com in the section "Repository" and shall be deemed to have been served at the time of entry of the notice on Comodo's website.

15 Invalidity and Severability

If any provision of this Agreement (not being of a fundamental nature to its operation) shall be found by any court or administrative body of competent jurisdiction to be invalid or unenforceable the invalidity or unenforceability of such provision shall not affect the other provisions of this agreement and all provisions not affected by such invalidity or unenforceability shall remain in full force and effect. The parties hereby agree to attempt to substitute for any invalid or unenforceable provision a valid or enforceable provision which achieves to the greatest extent possible the economic, legal and commercial objectives of the invalid or unenforceable provision.

16 Entire Agreement

16.1 This Agreement and all documents referred to herein contain the entire and exclusive agreement and understanding between the parties on the subject matter contained herein and supersedes all prior agreements, understandings and arrangements relating thereto. No representation, undertaking or promise shall be taken to have been given or implied from anything said or written in negotiations between the parties prior to this Agreement except as may be expressly stated in this Agreement.

16.2 Without prejudice to any liability for fraudulent misrepresentation, no party shall be under any liability or shall have any remedy in respect of misrepresentation or untrue statement unless and to the extent that a claim lies for breach of this Agreement.

17 Assignment

Neither party may assign or transfer or purport to assign or transfer a right or obligation under this Agreement without first obtaining the other party's written consent.

18 Variation

18.1 Any variations to this Agreement required by law shall take effect immediately. Comodo shall provide written notice of such a variation to the Relying Party.

18.2 Subject to Clause 18.1, Comodo may vary any term of this Agreement at any time on the provision of 20 Business Days written notice to the Relying Party of the variation.

19 Governing Law and Jurisdiction

This Agreement and all matters arising from or connected with it, are governed by and shall be construed in accordance with English law and the parties hereby submit to the non-exclusive jurisdiction of the English courts.

This relying party agreement was last updated on 25 February 2005.