BT Trust Services Relying Third Party Charter for Key Manager Certificates
Issue 4 (July 2004)

You should read this Relying Third Party Charter (the "Charter") before validating a VeriSign Trust Network Key Manager digital certificate (a " KM Certificate") issued by BT, using BT's Online Certificate Status Protocol ("OCSP") service or otherwise accessing or using the BT database of KM Certificate revocation or other information ("Repository") or any Certificate Revocation List issued by BT ("BT CRL"). You will be deemed to have accepted this Charter by validating or relying upon a KM Certificate or the information embedded in a KM Certificate or by accessing or using the Repository, even if you have not read the Charter. You demonstrate your knowledge and acceptance of the Charter by submitting a query to search for, or to verify the revocation status of a KM Certificate or by otherwise relying on or using any information or services provided by BT's Repository or the BT Trust Services web site. If you do not accept the Charter, do not submit a query and do not download, access or use any BT CRL. Customers of BT Trust Services are reminded that their reliance on or use of KM Certificates is governed by the Conditions for BT Trust Services.

The Charter sets out the actions BT will take to enable you to make an informed decision as to whether you wish to rely on a KM Certificate (including the information embedded in a KM Certificate), and contains guidelines and procedures you must follow before validating, relying on, or otherwise using a KM Certificate or information embedded in a KM Certificate.

The Charter applies when you submit a query in search of a KM Certificate or to verify a digital signature created with a Private Key corresponding to a Public Key contained in a KM Certificate, or when you otherwise rely on or use any information or services provided by BT at the Repository or the BT Trust Services web site.

BT publishes a document titled the BT Certification Practice Statement (the "CPS"), which is a summary of the practices that BT will follow with respect to the provision of certificates. BT will comply with the assurance level for information contained in a certificate as specified in the description of each class of certificate in section 1.1 of the CPS. In particular, BT represents that all information contained in a certificate, except non-verified customer information, has been validated in accordance with the procedures in the CPS. The CPS is available in the Repository at http://www.trustwise.com/repository/CPS/cps.htm. If there are changes to the CPS, BT will post the changes in the Repository. To the extent permitted by the law of England and Wales, BT makes no representations and holds out no warranties in respect of certificates or the Repository other than those expressly set out in the CPS and this Charter.

You acknowledge that your use of the Repository and your reliance on or use of any KM Certificate or the information embedded in it will be governed by the CPS (as amended from time to time) and this Charter.

Section 2.1.4 of the CPS sets out specific procedures you must use to validate a certificate before relying on the certificate or any information embedded in the certificate. If you rely on or use a KM Certificate (including the information embedded in the OKM Certificate) without first complying with the procedures set out in section 2.1.4 of the CPS, your reliance on or use of that KM Certificate or the information will be inconsistent with this Charter and will be considered unreasonable and in derogation of your duty of care under the Common Law of England and Wales.

You acknowledge that you have sufficient access to information to ensure that you can make an informed decision as to the extent to which you will choose to rely on or use a KM Certificate or the information embedded in it. You further acknowledge that you are responsible for deciding whether to rely on a KM Certificate or information embedded in it. You acknowledge that the information provided in the Repository, otherwise rely on or use any information or services provided by BT at the Repository or the BT Trust Services web site and that no other person shall be liable to you in respect of such information.

Customers of BT Trust Services are obliged to inform BT if their Private Keys are compromised, and on receipt of such a notice BT will revoke the compromised OKM Certificate and post notice of the revocation in the Certificate Status List. However, you acknowledge the possibility of theft or other form of compromise of a Private Key corresponding to a Public Key contained in a KM Certificate which may not be detected, and of the possibility of use of a stolen or compromised key to forge a digital signature to a document.
The Private Key of a KM Certificate is generated on the End User's behalf by an Issuing Authority ("IA"), which has backed up the Private Key using Key Manager. The IA is capable of recovering the Private Key to assist the End User in the event that they lose access to it. The IA may also have legitimate business reasons to recover the End User's Private Key without their prior knowledge or consent. The IA may therefore be able to decrypt encrypted messages sent to the End User and, in the event that the same Private Key is implemented for both digital signatures and encryption, digitally sign messages on the End User's behalf.

BT's liability to you is limited to £25,000 for any one incident or series of related incidents and to £100,000 for all incidents in any period of 12 months.

BT is not liable to you (including for negligence) for direct or indirect loss of profits, business or anticipated savings, nor for any indirect or consequential loss or damage or for any destruction of data.

BT accepts unlimited liability for death or personal injury resulting from its negligence and the limits set out above do not apply to such liability.

BT is not liable to you for the acts or omissions of other providers of telecommunications or Internet services (including domain name registration authorities) or for faults in or failures of their equipment.

Each point of this Charter is separate and the invalidity or unenforceability of any point for any reason will not affect the validity or enforceability of any other point.

This Charter is published British Telecommunications plc a company registered In England No.1800000, any claims, complaints, disputes or proceedings in connection with the provision of Certificates, the Repository or any other service by BT Trust Services or with this Charter must be commenced under the jurisdiction of the courts of England and Wales.

 

Copyright © British Telecommunications plc 2004