Repository

YOU MUST READ THIS RELYING PARTY AGREEMENT BEFORE VALIDATING A DIGITAL ID™ ("CERTIFICATE") OR OTHERWISE ACCESSING OR USING VERISIGN'S DATABASE OF CERTIFICATE REVOCATIONS AND OTHER INFORMATION ("REPOSITORY"). IF YOU DO NOT AGREE TO THE TERMS OF THIS RELYING PARTY AGREEMENT, YOU ARE NOT AUTHORISED TO USE VERISIGN'S REPOSITORY.

THIS RELYING PARTY AGREEMENT GOVERNS THE USE OF DIGITAL IDs™ ("CERTIFICATES") ISSUED USING VERISIGN'S ONSITE™ KEY MANAGER ("OKM CERTIFICATES"). OKM CERTIFICATES CONTAIN REFERENCES POINTING TO THIS AGREEMENT'S URL (http://www.verisign.com.au) AND FIELDS STATING THAT USE OF OKM CERTIFICATES IS SUBJECT TO TERMS AT THIS URL. YOU MUST READ THIS RELYING PARTY AGREEMENT BEFORE VALIDATING ANY OKM CERTIFICATE OR OTHERWISE ACCESSING OR USING VERISIGN'S DATABASE OF CERTIFICATE REVOCATIONS AND OTHER INFORMATION ("REPOSITORY") TO DOWNLOAD AN OKM CERTIFICATE OR CHECK ITS STATUS. IF YOU DO NOT AGREE TO THE TERMS OF THIS RELYING PARTY AGREEMENT, YOU ARE NOT AUTHORISED TO RELY ON ANY OKM CERTIFICATE OR USE VERISIGN'S REPOSITORY TO DOWNLOAD AN OKM CERTIFICATE OR CHECK ITS STATUS.

THIS RELYING PARTY AGREEMENT (this "Agreement") becomes effective when you submit a query to search for an OKM Certificate, or to verify a digital signature created with a private key corresponding to a public key contained in an OKM Certificate, or when you otherwise use or rely upon any information or services provided by VeriSign's Repository or Website relating to an OKM Certificate.

Please note that the issuing authority ("IA") issuing an OKM Certificate generated the subscriber's private key on his or her behalf and has backed up the private key using VeriSign Australia OnSite Key Manager. Therefore, the IA is capable of recovering the subscriber's private key to assist him or her in the event the subscriber loses access to it. The IA, however, may have legitimate business reasons for recovering the subscriber's public key even without the subscriber's permission. Accordingly, the IA may be capable of decrypting encrypted messages that you or others send to the subscriber. You should keep this in mind when considering your expectations of privacy for encrypted messages you may send to the subscriber. When properly implemented, the VeriSign Australia Key Recovery Service can provide considerable benefits. In the unlikely event of misuse, however, the IA could decrypt messages in its possession that you send to the subscriber, and if a single key pair is implemented for digital signatures and encryption, the IA could use a recovered private key to digitally sign messages to you or others on the subscriber's behalf. You acknowledge the foregoing by accepting this agreement as set forth below.

You acknowledge that you have access to sufficient information to ensure that you can make an informed decision as to the extent to which you will chose to rely on the information in an OKM Certificate. For more educational material, see the tutorial contained in VeriSign's repository at http://www.verisign.com.au/repository. YOU ARE RESPONSIBLE FOR DECIDING WHETHER OR NOT TO RELY ON THE INFORMATION IN AN OKM CERTIFICATE. You acknowledge and agree that your use of VeriSign's Repository and your reliance on any OKM Certificate shall be governed by VeriSign's Certification Practice Statement (the "CPS") as amended from time to time, which is incorporated by reference into this Agreement. The CPS is published on the Internet in the Repository at http://www.verisign.com.au/repository and is available via E-mail by sending a request to: cps-requests@verisign.com.au. Amendments to the CPS are also posted in VeriSign's Repository at http://www.verisign.com.au/repository. The steps necessary to validate an OKM Certificate and verify a digital signature are contained in section 8 of the CPS.

CLAUSE 11.2 OF THE CPS SETS FORTH A LIMITED WARRANTY. EXCEPT AS EXPRESSLY PROVIDED IN THAT CLAUSE OF THE CPS, ISSUING AUTHORITIES AND VERISIGN, VeriSign's products and services, including but not limited to the service components, (collectively, the "products and/or services") are provided " as is" and, except as expressly provided in the CPS (clause 11.2), VeriSign Australia disclaims all warranties, conditions and obligations of any type including any warranty or condition of the accuracy of information provided, usefulness, functionality or operability of VeriSign's products and services and further disclaim any and all liability for negligence, failure to warn, and lack of reasonable care OTHER THAN WHERE A CONDITION OR WARRANTY IS IMPLIED INTO THIS AGREEMENT BY A LAW AND THAT CONDITION OR WARRANTY CANNOT BE EXCLUDED.

In any event, the liability of VeriSign Australia for a breach of any condition or warranty whether express or implied is limited, at VeriSign's sole discretion, to:

• in the case of goods, the replacement of the goods or the supply of equivalent goods, the repair of the goods, the payment of the cost of replacing the goods or of acquiring equivalent goods, or the payment of the cost of having the goods repaired; and
• in the case of services, supplying of the services again or the payment of the cost of supplying the services again.

In no event shall the Issuing Authority or VeriSign Australia be liable for any indirect, special, incidental, or consequential damages or for ant loss of profits or revenues, loss of data, loss of use, loss of goodwill, or other indirect, consequential, or punitive damages, whether or not reasonably foreseeable, arising from or in connection with the use, delivery, license, performance, or non-performance of OKM Certificates, digital signatures, or any other transaction or services offered or contemplated by this agreement, even if the Issuing Authority or VeriSign Australia has been advised of the possibility of such damages or should have been aware of such a possibility.

Notwithstanding the foregoing, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE ISSUING AUTHORITY OR VeriSign Australia EXCEED THE APPLICABLE LIABILITY CAP FOR SUCH CERTIFICATE SET FORTH IN THE TABLE BELOW.

THE AGGREGATE LIABILITY OF VERISIGN AUSTRALIA TO ANY AND ALL PERSONS CONCERNING A SPECIFIC OKM CERTIFICATE SHALL BE LIMITED TO AN AMOUNT NOT TO EXCEED THE FOLLOWING, FOR THE AGGREGATE OF ALL DIGITAL SIGNATURES AND TRANSACTIONS RELATED TO SUCH CERTIFICATE:

If any provision of this Agreement, or the application thereof, is for any reason and to any extent found to be invalid or unenforceable, the remainder of this Agreement (and the application of the invalid or unenforceable provision to other persons or circumstances) shall not be affected by such finding of invalidity or unenforceability, and shall be interpreted in a manner that shall reasonably carry out the intent of the parties.

YOU ARE HEREBY NOTIFIED OF THE POSSIBILITY OF THEFT OR OTHER FORM OF COMPROMISE OF A PRIVATE KEY CORRESPONDING TO A PUBLIC KEY CONTAINED IN AN OKM CERTIFICATE, WHICH MAY OR MAY NOT BE DETECTED, AND OF THE POSSIBILITY OF USE OF A STOLEN OR COMPROMISED KEY TO FORGE A DIGITAL SIGNATURE TO A DOCUMENT. For information regarding private key protection, see http://www.verisign.com.au/repository/.

You demonstrate your knowledge and acceptance of the terms of this Agreement by submitting a query to search for, or to verify the revocation status of, a Digital ID™ or by otherwise using or relying upon any information or services provided by VeriSign's Repository or Website relating to an OKM certificate. If you do not agree, do not submit a query.