• CAcert uses the term Members to describe parties to CCA (who have permission to USE, RELY, OFFER). Members are both Subscribers and Relying Parties, the CCA takes a similar place to the Relying Party Agreement and Subscriber Agreement of other CAs.
  • CCA was approved to DRAFT by Board at executive meeting decision m20070918.4. CCA was ratified at AGM of the Association 20071117. Minutes. CCA was moved to POLICY status under PoP p20080109.1.
  • See comments §A.6.b.
  • Major risks to Members would include (a) inappropriate disclosure of risks (itself covered by DRP), (b) failure of disclaimers in NRP-DAL plus DRP against NRPs, and (c) failure of DRP to rule appropriately. Given the historical frequency and small expected future value of these liabilities, CCA + DRP is considered an adequate control.
  • David Ross's additional comments: I would anticipate that requirement A.6.c would mean that the subscriber must explicitly assume responsibility for its own actions, including liability to end users. This leads to requirement A.6.d, in which a CA would get certification from its subscribers that they understand and accept A.6.c. (A prudent CA would get this in writing from its subscribers even without this requirement.) Then, a subscriber sued by an end user because of the subscriber's actions (or even by an end user who was personally negligent) would be inhibited from suing the CA and driving it out of business.
  • The CA travels a different path. The Subscriber is protected by the NRP-DaL against end-user suits.
  • Although end-users (NRPs) are not permitted to rely under NRP-DaL, there are material comments in DRP.
    • "Anyone may file a dispute."
    • "Any parties that are not Users and are not bound by the CPS are given the opportunity to enter into CAcert and be bound by the CPS and these rules of arbitration. If these Non-Related Persons (NRPs) remain outside, their rights and remedies under CAcert's policies and forum are strictly limited to that specified in the Non-Related Persons -- Disclaimer and Licence. NRPs may proceed with Arbitration subject to preliminary orders of the Arbitrator."
    • "In the event of asserting jurisdiction, and a NRP later decides to pursue rights in another forum, the Arbitrator should seek the agreement of the NRP to file the ruling as part of the new case."
    End users are encouraged to take their dispute into CA's own forum.
  • As an open-subscription Community of Members, and Arbitration delivers an open ruling, reputation is likely a substantial force.