Repository

VERISIGN® NETSURE® PROTECTION PLAN VERSION 6.0 August 2006

THIS NETSURE® PROTECTION PLAN (“Plan”), provided by VeriSign, Inc. (“VeriSign”), grants the “Covered Persons” identified in Section 1 limited warranty protection subject to certain exceptions, disclaimers of warranty, exclusions, and limitations of liability. This Plan is made an integral part of, and is incorporated by reference in, the Service Agreements under which VeriSign issues certain digital certificates. See Appendix A for definitions of the defined terms used in this Plan. A list of Service Agreements appears in Appendix B of this Plan.

1. Who is Covered. The Plan covers the following “Covered Persons”:

(a) “NetSure Subscribers” A NetSure Subscriber is a person or entity who has purchased a VeriSign SSL or Code Signing certificate directly from VeriSign (each, a “NetSure Certificate”) that is subject to a claim under this Plan. A listing of the types of VeriSign certificates that are included as being “NetSure Certificates” and therefore subject to this Plan appear at: https://www.verisign.com.tw/repository/netsure/netsure-matrix.shtml. For clarification, certificates that are branded or co-branded as “VeriSign” certificates but sold by a party other than VeriSign shall not be considered NetSure Certificates under the Plan.

(b) “NetSure Relying Parties” A NetSure Relying Party is a NetSure Subscriber that acts in reliance on a NetSure Certificate belonging to another. For clarification, a person and/or entity that has no contractual relationship with VeriSign other than the one arising out of reliance on a NetSure Certificate shall not be considered a “Covered Person” under the Plan unless it is a NetSure Subscriber.

For purposes of this Plan, a Covered Person that is not a natural person (e.g., a corporation, business, or legal entity) is capable of relying on a NetSure Certificate of another. Such reliance can occur when an employee or agent of such Covered Person relies on a NetSure Certificate while acting on behalf of the Covered Person.

2. When the Coverage Applies. Each type of Covered Person has a time period (“Applicable Time Period”) in which protection is afforded under the Plan:

(a) “NetSure Subscribers” For NetSure Subscribers, the Applicable Time Period is the Operational Period of their NetSure Certificates. “Operational Period” means a period starting with the date and time a certificate is issued (or on a later date and time certain if stated in the certificate) and ending with a date and time at which the certificate expires or is earlier revoked.

(b) “NetSure Relying Parties” For NetSure Relying Parties, the Applicable Time Period is the Operational Period of their NetSure Certificates.

3. What is Covered.

3.1 Limited Warranty Regarding a NetSure Certificate. VeriSign warrants that at the time of issuance of a NetSure Certificate:

(a) there are no material misrepresentations of fact in such NetSure Certificate known to VeriSign or originating from VeriSign;

(b) there are no errors in the data contained within such NetSure Certificate that were introduced by VeriSign as a result of its failure to exercise reasonable care in creating the NetSure Certificate;

(c) the NetSure Certificate meets all material requirements of the Service Agreement under which the NetSure Certificate was issued; and

(d) all information in or incorporated by reference in the NetSure Certificate (except information not verified by VeriSign) is accurate.

THE WARRANTY IN SECTION 3.1 SHALL NOT APPLY TO THE EXTENT THE BREACH ARISES FROM THE CONDUCT OF THE NETSURE SUBSCRIBER ITSELF (AS OPPOSED TO VERISIGN) IN ISSUING OR INCORPORATING INFORMATION IN THE NETSURE CERTIFICATE.

3.2 Limited Warranty Against Unauthorised Use, Unauthorised Disclosure, and Compromise.
VeriSign warrants that, during the Applicable Time Period, VeriSign’s private key corresponding to the public key in the NetSure Certificate will not be subject to Compromise, unauthorised use, or unauthorised disclosure negligently caused by or permitted by VeriSign prior to the revocation or expiration of such certificates. “Compromise” means a loss, theft, modification, or unauthorised access of a private key corresponding to the public key listed in a NetSure Certificate by cryptographic analysis, key extraction, or any other means.

3.3 Limited Warranty Against Unauthorised Revocation and Loss of Use. VeriSign warrants that, during the Applicable Time Period, the NetSure Certificate shall be free from Unauthorised Revocation or Loss of Use caused by VeriSign. “Unauthorised Revocation” means revocation of a NetSure Certificate without authorisation by the subscriber or its agent except where VeriSign properly revokes the certificate under the applicable Service Agreement with that subscriber; and “Loss of Use” means the inability of a Covered Person to enter into a transaction due to the inability of the Covered Person or any user to securely access a VeriSign-designated Website or databases within a Website (loss of availability), or a Covered Person's inability to utilise or rely on indispensable certificate status services (such as online revocation or CRL services) to use a valid NetSure Certificate in a timely fashion.

3.4 Limited Warranties Against Erroneous Issuance. VeriSign warrants that, during the Applicable Time Period, NetSure Certificates are issued to the entities named as subjects of such certificates and were not issued as a result of Erroneous Issuance. “Erroneous Issuance” means issuance of a NetSure Certificate by VeriSign in a manner not materially in accordance with the procedures required by the Service Agreement, issuance of a NetSure Certificate by VeriSign to an entity other than the one named as the subject of the certificate, or issuance of a NetSure certificate without the authorisation of the entity named as the subject of such certificate.

THE WARRANTY IN THIS SECTION 3.4 SHALL NOT APPLY TO THE EXTENT THE BREACH ARISES FROM THE CONDUCT OF THE NETSURE SUBSCRIBER ITSELF (AS OPPOSED TO VERISIGN) IN CAUSING AN ERRONEOUS ISSUANCE.

4. Payments and Payment Requests Under the Plan.

4.1 NetSure Payments. Subject to the limitations in Sections 5, VeriSign shall pay a Covered Person for damages caused by a breach of one or more of the limited warranties in Section 3.

4.2 Requirements for Making a Payment Request. As a condition to payment under Section 4.1, a Covered Person must:

(a) make a payment request by completing and submitting the Loss Report Form;

(b) provide other information reasonably requested by VeriSign, its agents, or its employees (including without limitation proof of the Covered Person's damages); and

(c) provide reasonable cooperation with any investigation concerning damages to the Covered Person.

4.3 Notice. Covered Persons shall give VeriSign prompt notice of any breach(es) of the limited warranties in Section 3 in the manner set forth in Section 4.2.

4.4 Limitations Period. VeriSign shall have no obligation to make a payment under Section 4.1 for breach of one or more of limited warranties in Section 3 unless the Covered Person submits a Loss Report as required by Section 4.2 within one (1) year following the latter of the event giving rise to the breach of warranty or the end of the Operational Period of the NetSure Certificate which gave rise to the breach of warranty.

5. Limitations on Payments Under the Plan.

5.1 Limitation on Payments to NetSure Subscribers and NetSure Relying Parties. The most that VeriSign must pay a NetSure Subscriber under the Plan is the “Certificate Lifetime Limit” that applies under Section 5.2. If a breach of one or more of the limited warranties in Section 3 results in the NetSure Subscriber sustaining damages caused by relying on the NetSure Certificate of another, then there is a second "Per Reliance Limit" under Section 5.3 that applies in addition to the Certificate Lifetime Limit.

5.2 Certificate Lifetime Limit. The Certificate Lifetime Limit for each type of NetSure Certificate appears in Table 1 of the current version of the VeriSign NetSure Protection Plan Matrix, which is incorporated by reference in this Plan. That table is entitled “Certificate Lifetime Limits on Payments Under the Plan.” The current version of the VeriSign NetSure Protection Plan Matrix is located at https://www.verisign.com.tw/repository/netsure/netsure-matrix.shtml.

(a) How the Certificate Lifetime Limit Works. The Certificate Lifetime Limit is the most that VeriSign must pay a NetSure Subscriber for any and all breaches of Section 3 limited warranties affecting its own NetSure Certificates during the Applicable Time Period. All payments under Section 4.1 reduce the amount of the Certificate Lifetime Limit available for future payments. Once the Certificate Lifetime Limit of a NetSure Subscriber is exhausted by payments under Section 4.1, VeriSign has no further obligation to make further payments under Section 4.1 for breaches relating to that NetSure Certificate. Nonetheless, when NetSure Certificates are renewed at the end of their Operational Periods, the new NetSure Certificate issued upon renewal has its own new Certificate Lifetime Limit.

(b) Erroneous Issuance. One kind of breach of Section 3 is Erroneous Issuance resulting in the issuance of a NetSure Certificate incorrectly naming a NetSure Subscriber. Note: The certificate issued because of Erroneous Issuance is not the same as the NetSure Subscriber's own (correctly-issued) certificate. When this kind of breach occurs, only one Certificate Lifetime Limit applies to the breach. In addition, the Certificate Lifetime Limit applicable to the breach is the one for the NetSure Subscriber's own Certificate, not the Certificate Lifetime Limit of the certificate resulting from Erroneous Issuance. If the NetSure Subscriber has more than one NetSure Certificate, then the Covered Person can choose which of these NetSure Certificates will provide the Certificate Lifetime Limit for the breach. A Covered Person cannot choose a NetSure Certificate if its Certificate Lifetime Limit has already been exhausted. Any payments made under Section 4.1 reduce the applicable Certificate Lifetime Limit. Further, the issuance of a certificate as a result of Erroneous Issuance is a single breach regardless of how many relying parties rely on that certificate, the amount or number of payments that a Covered Person may need to pay to satisfy claims asserted by the relying parties, the number or amount of other losses sustained by the Covered Person as a result of the issuance of such certificate, or the number of other certificates held by the Covered Person.

5.3 Per Reliance Limit. If a breach of one of the Section 3 warranties results in damages to a Covered Person caused by reliance on the NetSure Certificate of another, the limitations of Sections 5.1 to 5.2 apply. In addition, however, the Covered Person also has a "Per Reliance Limit" that further limits payments for any one such breach. The Per Reliance Limit applicable to a particular breach is based on Table 2 of the current version of the VeriSign NetSure Protection Plan Matrix, which is incorporated by reference here. That table is entitled "Per Reliance Limits." The current version of the VeriSign NetSure Protection Plan Matrix is located at https://www.verisign.com.tw/repository/netsure/netsure-matrix.shtml.

(a) How the Per Reliance Limit Works. The "Per Reliance Limit" is the most VeriSign will pay a Covered Person under Section 4.1 for any one breach caused by reliance on the NetSure Certificate of another, no matter how many times that Covered Person relies on the NetSure Certificate. For example, if a single NetSure Certificate is issued as a result of Erroneous Issuance, and five digitally-signed messages were sent to a Covered Person, then a single breach has taken place. The Covered Person may only recover the Per Reliance Limit once for such breach (subject to the applicable Certificate Lifetime Limit), even if the Covered Person relies on all five digital signatures, and even if that reliance results in a total loss that exceeds the Per Reliance Limit.

6. Refund Policy.
If VeriSign breaches a limited warranty made to a NetSure Subscriber under Section 3 or another material obligation under the applicable Service Agreement, then VeriSign shall, at the NetSure Subscriber's request, revoke the NetSure Subscriber's certificate and provide the NetSure Subscriber with a refund of the amount paid by the NetSure Subscriber for the certificate. To request a refund, NetSure Subscribers must adhere to the Refund Policy published at https://www.verisign.com/repository/refund. This refund policy is not an exclusive remedy and does not limit other remedies that may be available to NetSure Subscribers.

7. PERSONS EXCLUDED FROM THE PLAN. VERISIGN PROVIDES THE LIMITED WARRANTIES IN SECTION 3 ONLY TO THE COVERED PERSONS IDENTIFIED IN SECTION 1. VERISIGN MAKES NO WARRANTY UNDER THIS PLAN TO ANY OTHER PERSON. THIS PLAN IS NOT INTENDED TO CREATE ANY THIRD PARTY BENEFICIARY RIGHTS FOR ANY OTHER PERSON.

8. Liability Caused by Party Other Than VeriSign. The limited warranties in Section 3 do not apply to losses or damages caused in whole or in part by a third party or a certificate subscriber’s own breach of any warranty or obligation in its Service Agreement with VeriSign. VeriSign shall not be liable for actions outside its scope of control. In connection therewith, VeriSign shall not be liable for any loss or damage that is not due to a defect in materials or workmanship of a VeriSign digital certificate or otherwise caused by VeriSign’s negligence or breach of its contractual obligations under the Service Agreement. In no event shall VeriSign be liable for any loss or damage that results from any fortuitous event or events.

9. Exceptions to the Plan. The limited warranties in Section 3 do not apply to losses or damages of a Covered Person, caused wholly or partially by:

(a) Use of certificates in a manner outside the permitted scope of use as set forth in the applicable Service Agreement.

(b) Reliance upon information contained in or incorporated in a VeriSign certificate, whether or not published in the VeriSign repository, where such reliance is unreasonable or unjustified for any reason, in light of, among other things, facts that the Covered Person knows or should know, course of dealing between pertinent parties, or usage of trade.

(c) The failure or unreasonable delay of such Covered Person to properly communicate a request for revocation of a VeriSign certificate as required by the Service Agreement.

(d) The failure of such Covered Person to exercise reasonable care to prevent Compromise of the Subscriber's own private key; failure of such Covered Person to use a trustworthy system; and breach by such Covered Person of a material obligation under the Service Agreement.

(e) The failure of a Covered Person to apply reasonable security measures to verify the digital signature of the NetSure Certificate.

(f) The failure of such Covered Person to apply reasonable security measures prior to and during the creation, storage, and transfer of encrypted messages prepared for a NetSure Subscriber for purposes of sharing confidential or secret data with such Subscriber as an intended recipient, including without limitation (i) the failure to determine that such NetSure Certificate is an operational certificate; and (ii) the failure to validate a certificate chain for the NetSure Certificate.

(g) The failure, if applicable, of such Covered Person to use a RSA public key algorithm with at least the designated and available modulus size.

(h) The failure, if applicable, of such Covered Person to use any public key algorithm other than RSA.

(i) Any condition or incident of force majeure under the Service Agreement.

(j) Acts by any persons whose illegal or unauthorised conduct damages, alters, impedes, or otherwise misuses the facilities or services of Internet service providers or other providers of telecommunications or value-added services including, but not limited to, the use or reproduction of malicious software such as computer viruses.

(k) The failure of communications infrastructure, processing, or storage media or mechanisms, including components thereof, not under the exclusive ownership or control of VeriSign.

(l) Brown-outs, power failures, or other disturbances to electrical power.

(m) Illegal acts by a person coercing the Covered Person to perform acts causing the Covered Person's loss or damages.

(n) Use or reliance upon demo or test certificates.

(o) Such Covered Person’s monitoring, interfering with, or reverse engineering, directly or indirectly, the technical implementation of the VeriSign public certification services.

10. Disclaimers of Warranty.

10.1 SPECIFIC DISCLAIMERS. EXCEPT AS EXPRESSLY STATED IN SECTION 3, VERISIGN:

(A) DOES NOT WARRANT THAT NONVERIFIED SUBSCRIBER INFORMATION CONTAINED IN NETSURE CERTIFICATES IS ACCURATE, AUTHENTIC, RELIABLE, COMPLETE, CURRENT, MERCHANTABLE, OR FIT FOR A PARTICULAR PURPOSE;

(B) SHALL NOT INCUR LIABILITY FOR REPRESENTATIONS CONTAINED IN A NETSURE CERTIFICATE, PROVIDED THE CERTIFICATE WAS PREPARED SUBSTANTIALLY IN COMPLIANCE WITH THE SERVICE AGREEMENT;

(C) DOES NOT WARRANT "NONREPUDIATION" FOR ANY NETSURE CERTIFICATE OR ANY MESSAGE (BECAUSE NONREPUDIATION IS DETERMINED EXCLUSIVELY BY LAW AND THE APPLICABLE FINAL DISPUTE RESOLUTION MECHANISM); AND
(D) SHALL NOT BE RESPONSIBLE FOR THE PERFORMANCE OF ANY HARDWARE OR SOFTWARE NOT UNDER EXCLUSIVE OWNERSHIP OF, EXCLUSIVE CONTROL OF, OR LICENSED TO VERISIGN.

10.2 GENERAL DISCLAIMER. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 3 AND THE SERVICE AGREEMENT, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN DISCLAIMS: (A) ANY AND ALL OTHER EXPRESS OR IMPLIED WARRANTIES AND OBLIGATIONS OF ANY TYPE, INCLUDING ANY WARRANTY OF MERCHANTABILITY, ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTY OF THE ACCURACY OF INFORMATION PROVIDED BY CERTIFICATE APPLICANTS, SUBSCRIBERS, AND THIRD PARTIES; AND (B) ANY LIABILITY FOR ANY ACTS BY THIRD PARTIES THAT CONSTITUTE OR MAY BE HELD TO CONSTITUTE NEGLIGENCE, RECKLESSNESS, AND/OR STRICT LIABILITY, WHETHER SOLELY OR JOINTLY ACTED WITH ANY OTHER PERSON INCLUDING, BUT NOT LIMITED TO, ANY COVERED PERSON.

11. LIMITATION ON GENERAL CONTRACT DAMAGES. IN THE EVENT A COVERED PERSON INITIATES ANY CLAIM, ACTION, SUIT, ARBITRATION, OR OTHER PROCEEDING SEPARATE FROM A REQUEST FOR PAYMENT UNDER SECTION 4.2, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN’S TOTAL LIABILITY FOR GENERAL CONTRACT DAMAGES SUSTAINED BY ANY AND ALL COVERED PERSONS, COMBINED WITH ANY AND ALL DAMAGES SUSTAINED BY ANY AND ALL OTHER PERSONS CAUSED BY THE USE OF OR RELIANCE ON A SPECIFIC NETSURE CERTIFICATE SHALL BE LIMITED TO AN AMOUNT NOT TO EXCEED $100,000, FOR THE TOTAL OF ALL DIGITAL SIGNATURES, TRANSACTIONS, AND CLAIMS RELATED TO SUCH NETSURE CERTIFICATE. THE LIABILITY CAP PROVIDED IN THIS SECTION SHALL BE THE SAME REGARDLESS OF THE NUMBER OF DIGITAL SIGNATURES, TRANSACTIONS, OR CLAIMS RELATED TO SUCH CERTIFICATE. IN THE EVENT THE DAMAGES SUSTAINED BY THE USE OR RELIANCE ON A NETSURE CERTIFICATE EXCEED THE LIABILITY CAP FOR SUCH CERTIFICATE, PAYMENT OF DAMAGES SHALL BE APPORTIONED FIRST TO THE EARLIEST CLAIMS TO ACHIEVE FINAL RESOLUTION (BY SETTLEMENT OR OTHERWISE), UNLESS OTHERWISE ORDERED BY A COURT OF COMPETENT JURISDICTION. THIS SECTION DOES NOT LIMIT REFUND PAYMENTS UNDER SECTION 6 OR PAYMENTS UNDER SECTION 4.1. SUBJECT TO SECTIONS 4 AND 6, VERISIGN SHALL NOT BE OBLIGATED TO PAY MORE THAN THE TOTAL LIABILITY CAP FOR EACH NETSURE CERTIFICATE, REGARDLESS OF THE METHOD OF APPORTIONMENT AMONG CLAIMANTS OF THE AMOUNT OF THE LIABILITY CAP. THIS SECTION APPLIES ONLY TO THE EXTENT PERMITTED BY APPLICABLE LAW. THIS SECTION APPLIES TO LIABILITY UNDER CONTRACT (INCLUDING BREACH OF WARRANTY), TORT (INCLUDING NEGLIGENCE AND/OR STRICT LIABILITY), AND ANY OTHER LEGAL OR EQUITABLE FORM OF CLAIM.

12. EXCLUSION OF CERTAIN ELEMENTS OF DAMAGES. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 4, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN SHALL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, RELIANCE, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO ANY LOSS OF PROFITS OR LOSS OF DATA), ARISING FROM OR IN CONNECTION WITH THE USE, DELIVERY, LICENSE, PERFORMANCE, OR NONPERFORMANCE OF CERTIFICATES, DIGITAL SIGNATURES, OR ANY OTHER TRANSACTIONS OR SERVICES OFFERED OR CONTEMPLATED BY THE SERVICE AGREEMENTS OR THIS PLAN, EVEN IF VERISIGN HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13. EXCLUSION OF PUNITIVE DAMAGES. TO THE EXTENT PERMITTED BY APPLICABLE LAW, VERISIGN SHALL NOT BE LIABLE FOR ANY PUNITIVE DAMAGES ARISING FROM OR IN CONNECTION WITH THE USE, DELIVERY, LICENSE, PERFORMANCE, OR NONPERFORMANCE OF CERTIFICATES, DIGITAL SIGNATURES, OR ANY OTHER TRANSACTIONS OR SERVICES OFFERED OR CONTEMPLATED BY THE SERVICE AGREEMENTS OR THIS PLAN.

14. Severability. In the event that any provision of this Plan should be found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained shall not, in any way, be affected or impaired thereby.

15. Amendments. VeriSign shall be entitled to amend this Plan from time to time (prospectively and not retroactively). VeriSign shall be entitled to place amendments in the VeriSign repository in the form of an amended version of the Plan in the Practices Updates and Notices section of the VeriSign repository (see https://www.verisign.com/repository/updates). An amendment to the Plan shall become effective fifteen (15) days after VeriSign publishes the amendment in the VeriSign repository, unless VeriSign publishes a notice of withdrawal of the amendment in the repository prior to the end of such fifteen (15) day period. If a NetSure Subscriber does not assent to an amendment, the NetSure Subscriber shall, within fifteen (15) days following publication of the amendment, request revocation of the affected NetSure Certificate(s). Upon such request, VeriSign shall revoke the NetSure Subscriber's NetSure Certificate and provide the NetSure Subscriber with a refund in the amount prorated to reflect the remaining Operational Period of such NetSure Certificate(s). For example, if the NetSure Certificate has an Operational Period of one year and the NetSure Subscriber requests a refund pursuant to this section six (6) months after issuance, then VeriSign shall refund half of the amount of the fees paid for the NetSure Certificate. A NetSure Subscriber's failure to request revocation of the affected NetSure Certificate(s) within fifteen (15) days following the publication of an amendment shall constitute agreement to the amendment.

16. Governing Law. The parties agree that any disputes related to the services provided under this Plan shall be governed in all respects by and construed in accordance with the laws of the State of California, United States of America, excluding its conflict of laws rules. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply.

17. Dispute Resolution. To the extent permitted by law, before any party may invoke any dispute resolution mechanism with respect to a dispute involving any aspect of this Plan, it shall notify VeriSign, and any other party to the dispute for the purpose of seeking dispute resolution. If the dispute is not resolved within sixty (60) days after the initial notice, then a party may proceed in accordance with the following:

(i) When each party to the dispute is a Canadian or U.S. resident or organisation situated or doing business in Canada or the United States. All suits to enforce any provision of this Plan shall be brought in the United States District Court for the Northern District of California or the Superior or Municipal Court in and for the County of Santa Clara, California, U.S.A. The parties agree that such courts shall have exclusive in personam jurisdiction and venue and the parties submit to the exclusive in personam jurisdiction and venue of such courts. The parties further waive any right to a jury trial regarding any action brought in connection with this Plan. (ii) Where one or more parties to the dispute is not a Canadian or U.S. resident or organisation situated or doing business in Canada or the United States. All disputes arising in connection with this Plan shall be finally settled under the Rules of Conciliation and Arbitration of the International Chamber of Commerce (ICC) as modified as necessary to reflect the provisions herein by one or more arbitrators. The place of arbitration shall be in Geneva in Switzerland, and the proceedings shall be conducted in English. In cases involving a single arbiter, that single arbiter shall be appointed by mutual agreement of the parties. If the parties fail to agree to an arbiter within fifteen (15) days, the ICC shall choose an arbiter knowledgeable in computer software law, information security and cryptography or otherwise having special qualifications in the field, such as a lawyer, academician, or judge in common law jurisdiction. Nothing in this Plan will be deemed as preventing either party from seeking injunctive relief (or any other provisional remedy) from any court having jurisdiction over the parties and the subject matter of this dispute as is necessary to protect either party's name, proprietary information, trade secret, know-how, or, or any other intellectual property rights.

Appendix A

GLOSSARY OF DEFINED TERMS

1. General Definitions. Unless otherwise noted in the Plan, defined terms shall have the meanings given to them in the CPS. (See https://www.verisign.com.tw/repository/CPS/)

2. Definitions Specific to the Plan.

(a) Applicable Time Period. See Section 2

(b) Certificate Lifetime Limit. See Sections 5.1 and 5.2

(c) Compromise. See Section 3.2

(d) Covered Person. See Section 1

(e) Erroneous Issuance. See Section 3.4

(f) Loss of Use. See Section 3.3

(g) NetSure Certificate. See Section 1(a)

(h) NetSure Relying Party. See Section 1(b)

(i) NetSure Subscriber. See Section 1(a)

(j) Operational Period. See Section 2(a)

(k) Plan. "Plan" means the VeriSign NetSure Protection Plan, i.e., this document.

(l) Per Reliance Limit. See Section 5.3

(m) Service Agreement. “Service Agreement” means, at any given time, the current version of the agreement(s) under which a Covered Person obtained a NetSure Certificate (in the case of NetSure Subscribers) or agreed to terms and conditions for the reliance upon VeriSign certificates (in the case of NetSure Relying Parties). See Appendix B.

(n) Unauthorised Revocation. See Section 3.3

Appendix B

LIST OF SERVICE AGREEMENTS

This Plan is made an integral part of, and is incorporated by reference in, the following Service Agreements:

• The VeriSign certificate Policies (“CP”), which is published at: http://www.verisign.com/repository/vtnCp.html
• The VeriSign Certification Practice Statement ("CPS"), which is published at: https://www.verisign.com.tw/repository/CPS/
• The VeriSign Class 3 Organisational Certificate Subscriber Agreement, which is published at: http://www.verisign.com.tw/repository/class3SA/
• The VeriSign Code Signing Certificate Subscriber Agreement
• The VeriSign Relying Party Agreement, which is published at:
  http://www.verisign.com.tw/repository/rpa/
• The MPKI for SSL Certificate Service Agreement, which is published at:
  http://www.verisign.com/repository/onsite/mpki.html