FOUND!: Software Publisher's Pledge (for DSIG)

Rohit Khare (
Thu, 15 Aug 96 01:46:56 -0400

Eureka! Yes, I do feel like the last guy on the list to actually get a hold
of the Secret Pledge...

The provisional 1.1 update of Verisign's Certification Practice Statement
defines the Software Publisher Pledge:

4.3 Software Pledge by Software Publishers

Each individual and commercial software publisher who applies for an
individual or commercial software publisher certificate hereby makes the
following software publisher's pledge to all users and the applicable IA
concerning software that the software publisher digitally signs with a private
key corresponding to the public key contained in a certificate:

> In addition to the other representations, obligations,
> and warranties contained or referenced in the certificate
> application, the [individual] [commercial] software
> publisher certificate applicant represents and warrants
> that he, she, or it shall exercise reasonable care
> consistent with prevailing industry standards to exclude
> programs, extraneous code, viruses, or data that may be
> reasonably expected to damage, misappropriate, or
> interfere with the use of data, software, systems, or
> operations of the other party.
> This software publisher's pledge is made exclusively by
> the [individual] [commercial] software publisher
> certificate applicant. Issuing authorities and VeriSign
> shall not be held responsible for the breach of such
> representations and warranties by the [individual]
> [commercial] software publisher under any circumstance.

In addition, the page describes in detail the 3 classes of Verisign certs now
available; this information could be used to update the sample PICS labelling
scheme for Verisign certs.

In general, the entire CPS is recommended, if bone-dry, reading.

Rohit Khare

Rohit Khare -- World Wide Web Consortium -- Technical Staff
w: 617/253-5884  --   f: 617/258-5999   --  h: 617/491-5030
NE43-354,  MIT LCS,  545 Tech Square,  Cambridge,  MA 02139