(Quick) Proof Read an Agreement

Express the business side of your digital lives. Share your experiences and/or your comments regarding a business or organization.

No advertising.

Moderator: General Moderators

Post Reply
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

(Quick) Proof Read an Agreement

Post by Chris Corbyn »

I want to inlcude TLS support for Gamil servers in Swift.... I need the Thwate signed certificate to even begin developing this.

I want to be 100% sure that I'm ok to distribute a copy of the certificate with my GPL library.

The terms I will be bound by are:
The Thwate Terms wrote:THAWTE ROOT CERTIFICATE LICENSE AGREEMENT

YOU MUST READ THIS THAWTE ROOT CERTIFICATE LICENSE AGREEMENT ("AGREEMENT") BEFORE APPLYING FOR, ACCEPTING, OR USING A THAWTE ROOT CERTIFICATE. THIS AGREEMENT EXPLAINS THAWTE'S OBLIGATIONS TO YOU, AND YOUR OBLIGATIONS TO THAWTE IN RELATION TO THAWTE ROOT CERTIFICATES PROVIDED TO YOU FOR INCLUSION IN YOUR PRODUCTS. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT APPLY FOR, ACCEPT, OR USE THE CERTIFICATE. BY CLICKING "ACCEPT" BELOW OR BY ACCEPTING OR USING A THAWTE ROOT CERTIFICATE, YOU AGREE TO BECOME A PARTY TO, AND BE BOUND BY, THE TERMS OF THIS AGREEMENT. BY CLICKING "DO NOT ACCEPT" BELOW, YOU INDICATE THAT YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT AND WILL NOT BE A THAWTE LICENSEE.

ALL REFERENCES TO "THAWTE" IN THIS AGREEMENT SHALL MEAN THAWTE, INC. UNLESS YOU (ON BEHALF OF YOUR ORGANIZATION) ARE LOCATED IN THE REPUBLIC OF SOUTH AFRICA, THE REPUBLIC OF NAMIBIA, THE KINGDOM OF LESOTHO, OR THE KINGDOM OF SWAZILAND, IN WHICH CASE ALL REFERENCES TO “THAWTE” HEREIN SHALL MEAN THAWTE CONSULTING (PTY) LTD.

1. DEFINITIONS
Capitalized words that are not otherwise defined shall have the following meanings: "Certificate" means a message that, at least, states a name or identifies the entity issuing it (“Certificate Authority” or “CA”), identifies the subscriber, contains the subscriber's public key, identifies the Certificate's operational period, and contains a digital signature of the Certificate Authority; "Root Certificate" means a self-signed Certificate issued by a top-level Certificate Authority to itself, which includes such Certificate Authority's public key; “Intermediate CA” means a CA Certificate signed by a Root Certificate Intermediate that issues Certificates either to end-entities or other Certificate Authorities, but not both; and "Products" means all versions of your product with which the Root Certificates are embedded (including successor products or any major or minor upgrades thereto).

2. GRANT OF LICENSE
Thawte grants you, during the term of this Agreement, a royalty-free, non-exclusive, non-transferable license to (a) embed any or all of the Thawte Root Certificates and/or Intermediate CA Certificates (including updates thereof, collectively, “Thawte Certificates”) provided to you, unmodified, in your Products for distribution to your customers; and (b) use the relevant trademarks of Thawte, as approved by Thawte, in your Product marketing materials, packaging, data sheets, and web sites solely in conjunction with the distribution of Thawte Certificates in your Products.

3. LICENSE RESTRICTIONS
You shall not (a) modify, reverse engineer, or create any derivative work of the Thawte Certificates; (b) assign, sublicense, sell, rent, or lease the Thawte Certificates except as embedded in your Products; (c) use the Thawte Certificates in any manner that might compromise or adversely affect the operation of the Certificate or Thawte’s Public Key Infrastructure; (d) remove or alter any trademark, logo, copyright, or other proprietary notice, legend, or label provided in the Thawte Certificate; and (e) certify, or have certified, the public key contained in the Thawte Certificate by issuing or creating a Certificate containing such public key. Any right not expressly granted shall be deemed withheld.

4. RIGHTS AND OBLIGATIONS
4.1. Embedding Thawte Certificates in Products. You shall include the most current Thawte Certificates from Thawte unmodified and in full.
4.2 Root Key Compromise; Revocation. If you become aware of or suspect any unauthorized disclosure of, or loss or control over, sensitive information concerning Thawte's root private keys or other event that adversely affects the integrity of Thawte's data or public key system ("Compromise"), you shall immediately notify Thawte of such Compromise. You shall cooperate with Thawte to remedy the effects of any Compromise including, without limitation, replacing Compromised root keys and notifying your customers of such Compromise and remedies to address such Compromise. Thawte retains the right to revoke the license granted herein at any time without notice if you fail to perform your obligations under the terms of this Agreement or, in Thawte's sole discretion, you have engaged in activities which Thawte determines are harmful to Thawte’s public key system.
4.3 Thawte Certificate Updates. If Thawte updates the Thawte Certificates, Thawte shall post the updated Certificates on its web site at the same URL from which you downloaded the original Certificates. You shall be responsible for periodically checking the Thawte web site for updates to Thawte Certificates and include the updated Certificates in your Products. Inclusion of updated Certificates in your Product may be accomplished by embedding the Thawte Certificate either within the Product or through a patch or update release. You shall discontinue using Thawte Certificates that Thawte has replaced and/or updated, except those that have been embedded and/or distributed or are no longer within your control.

4.4 Modification of Agreement. If Thawte modifies the licensing terms for its Root and Intermediate CA Certificates for all licensees, Thawte shall publish the modified terms on its web site at the same URL from which you downloaded the Certificates. You shall be responsible for periodically checking the Thawte web site for modifications. Such modifications shall be effective and binding on you upon thirty (30) days of such publication, unless you contact Thawte to terminate the Agreement. You agree that the administrative contact you provide shall have full authority to act on your behalf with respect to the Thawte Certificates, including the authority to terminate or amend this Agreement.

5. CONFIDENTIALITY
The parties acknowledge that by reason of their relationship under this Agreement, they may have access to and acquire confidential information of the other party. Each party receiving confidential information (the “receiving party”) agrees to maintain all such confidential information received from the other party (the “disclosing party”), both orally and in writing, in confidence and agrees not to disclose or otherwise make available such confidential information to any third party without the prior written consent of the disclosing party; provided, however, that the receiving party may disclose the terms of this Agreement to its legal and business advisors if such third parties agree to maintain the confidentiality of such confidential information under terms no less restrictive than those set forth herein. The receiving party further agrees to use the confidential information only for the purpose of performing this Agreement. Notwithstanding the foregoing, the obligations set forth herein shall not apply to confidential information which (a) is or becomes a matter of public knowledge through no fault of or action by the receiving party; (b) was lawfully in the receiving party’s possession prior to disclosure by the disclosing party; (c) subsequent to disclosure, is rightfully obtained by the receiving party from a third party who is lawfully in possession of such confidential information without restriction; (d) is independently developed by the receiving party without resort to the confidential information; or (e) is required by law or judicial order, provided that the receiving party shall give the disclosing party prompt written notice of such required disclosure in order to afford the disclosing party an opportunity to seek a protective order or other legal remedy to prevent the disclosure, and shall reasonably cooperate with the disclosing party's efforts to secure such a protective order or other legal remedy to prevent the disclosure.

6. PROPRIETARY RIGHTS
You acknowledge that Thawte retains all intellectual property rights and title in and to the Thawte Certificates and the public and private keys corresponding to such Certificates ("Thawte Intellectual Property"). This Agreement does not give you any right in the Thawte Intellectual Property except for the license granted herein. If you use Thawte's trademarks as permitted herein, you agree to comply with Thawte’s trademark usage guidelines.

7. DISLAIMER OF WARRANTY
THAWTE CERTIFICATES ARE PROVIDED "AS IS" WITHOUT ANY WARRANTY WHATSOEVER. THAWTE HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS.

8. LIMITATION OF LIABILITY
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY WILL THAWTE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR EXEMPLARY DAMAGES, WHETHER FORESEEABLE OR UNFORESEEABLE, EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, TO THE EXTENT PERMITTED BY LAW, UNDER NO CIRCUMSTANCES WILL THAWTE'S LIABILITY FOR ANY ACTION OR CLAIM EXCEED USD1,000 (ONE THOUSAND UNITED STATES DOLLARS), REGARDLESS OF WHETHER SUCH ACTION OR CLAIM IS BASED IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE. YOU SHALL TAKE REASONABLE MEASURES TO INCORPORATE THIS LIMITATION OF LIABILITY INTO ANY AGREEMENT BETWEEN YOU AND YOUR CUSTOMERS/LICENSEES OF YOUR PRODUCT(S).

9. TERM AND TERMINATION
9.1. Term. This Agreement is effective as of the date you accept the terms of this Agreement in order to download the Thawte Certificates and shall remain in effect for one (1) year (“initial term”). This Agreement shall automatically renew for additional one-year term(s) (each, a "renewal term") following the expiration of the initial or renewal term(s) until the earlier of (a) receipt of notice of non-renewal by either party; or (b) the expiration or revocation of the last Thawte Root Certificate and/or Intermediate CA Certificate in your use.

9.2. Termination. Both parties shall be entitled to terminate this Agreement if the other party fails to perform any of its material obligations (“breach”) and if such breach is not cured within thirty (30) days’ of notice from the non-breaching party. This Agreement shall terminate upon the election of and notice from a party to the other if a party is adjudged insolvent or bankrupt, or the institution of any proceedings by or against the other party seeking relief, reorganization, or arrangement under any laws relating to insolvency, or any assignment for the benefit of creditors, or the appointment of a receiver, liquidator, or trustee of any of the other party's property or assets, or the liquidation, dissolution, or winding up of the other party's business.

9.3. Effect of Expiration or Termination. Upon termination of this Agreement, you shall discontinue all use of Thawte Certificates including, but not limited to, ceasing to embed such Certificates in all subsequent Product releases, ceasing to distribute Products containing such Certificates, and ceasing to use Thawte's logos and trademarks and, to the extent practicable, destroy all copies of the Thawte Certificates in your possession. With respect to existing Products that have embedded Thawte Certificates, you shall have sole discretion to retain or destroy such Certificates. Sections 3, 4.2, 5, 6, 7, 8, and 10 shall survive termination of this Agreement.

10. GENERAL PROVISIONS
10.1. Governing Law. This Agreement, and any disputes arising out of or related to this Agreement, shall be governed by, construed, and enforced in all respects in accordance with the laws of the Commonwealth of Virginia, United States of America, excluding its conflict of laws rules. The parties agree that the United Nations Convention on Contracts for the International Sale of Goods shall not apply. For all disputes arising out of or related to this Agreement, the parties submit to the exclusive subject matter jurisdiction, personal jurisdiction and venue of the United States District Court for the Eastern District of Virginia, Alexandria Division. If there is no jurisdiction in the United States District Court for the Eastern District of Virginia, Alexandria Division, then jurisdiction shall be in the state courts of Fairfax County, Fairfax, Virginia.

10.2. Assignment. Neither party may assign or transfer this Agreement or any obligation hereunder without the prior written approval of the other party, except that, upon written notice, a party may assign or transfer this Agreement to an entity acquiring all or substantially all of the assets of that party, whether by acquisition of assets or shares, or by merger or consolidation. Any assignment in violation of this section shall be void. Subject to the foregoing, this Agreement shall be binding upon and inure to the benefit of the successors and assigns of the parties.

10.3. Severability; Waiver. In the event that any provision of this Agreement should be found by a court of competent jurisdiction to be invalid, illegal or unenforceable in any respect, the validity, legality and enforceability of the remaining provisions contained shall not, in any way, be affected or impaired thereby. The failure of a party, at any time or from time to time, to require performance of any obligations of the other party hereunder shall not be deemed a waiver and shall not affect its right to enforce any provision of this Agreement at a subsequent time.

10.4. Entire Agreement; Amendments. This Agreement and any term published through the Thawte website pursuant to sections 4.3, 4.4 and 10.6 constitute the entire understanding and agreement of the parties, whether written or oral, with respect to the subject matter hereof and supersede all prior and contemporaneous agreements or understandings between the parties.

10.5. Compliance with Law, Export Requirements, and Foreign Reshipment Liability. Each party agrees that it shall comply with all applicable federal, state and local laws, regulations, and export requirements in connection with its performance under this Agreement. Regardless of any disclosure made to Thawte of an ultimate destination of any Thawte Certificate or technical data, you will not modify, export, or re-export, either directly or indirectly, any Thawte Certificate or technical data, or portions thereof, without first obtaining any and all necessary licenses from the United States government or agencies thereof or any other country that requires an export license or other governmental approval at the time of modification, export, or re-export. Thawte shall have the right to suspend performance its obligations under this Agreement, without any prior notice being required and without any liability to you, if you fail to comply with this obligation.

10.6 Notices. Any notice, demand, or request to Thawte with respect to this Agreement shall be in writing (excluding email) and sent by certified mail (postage prepaid), internationally-commercially recognized overnight delivery service (such as FedEx or DHL), or courier addressed as follows: Attn: Thawte General Counsel, 487 E. Middlefield Road, Mountain View, CA 94043, USA. Notice shall be deemed served upon personal or courier delivery; upon the second business day after the date sent for notices sent via overnight delivery; or upon the fifth business day after the date sent for notices sent via certified mail. Thawte may publish notices and updates regarding the Agreement or the Thawte Certificates at the URL from which you downloaded the Certificates. You shall be responsible for periodically checking the Thawte web site for notices regarding this Agreement and the Thawte Certificates.

10.7 Independent Contractors. The parties to this Agreement are independent contractors. Neither party is an agent, representative, joint venturer, or partner of the other party. Neither party shall have any right, power or authority to enter into any agreement for or on behalf of, or incur any obligation or liability of, or to otherwise bind, the other party. Each party shall bear its own costs and expenses in performing this Agreement.

10.8 Third Party Beneficiaries. No provision of this Agreement are intended nor shall be interpreted to provide or create any third party beneficiary rights or any other rights of any kind in any other party.

10.9 Indemnity. You shall indemnify, defend, and hold Thawte harmless from and against all claims, judgments, expenses (including reasonable attorney’s fees) and awarded damages assessed against Thawte, or agreed to be paid by you in settlement of any third-party claim, arising from a third party’s use or distribution of your Products, so long as Thawte gives you prompt notice, in writing, of such claim, the right to control and direct the investigation, preparation, defense and settlement of the claim, and reasonable assistance and information.

Thawte Root Certificate License Agreement version 3.0
Can anyone see anything in there that is rough territory when providing this library as a free, 100% open source download? I've read it a couple of times and didn't pick up on anything but I always overlook key points in things like this.

Cheers :)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: (Quick) Proof Read an Agreement

Post by Roja »

d11wtq wrote:I want to inlcude TLS support for Gamil servers in Swift.... I need the Thwate signed certificate to even begin developing this.

I want to be 100% sure that I'm ok to distribute a copy of the certificate with my GPL library.

The terms I will be bound by are:
...
Can anyone see anything in there that is rough territory when providing this library as a free, 100% open source download? I've read it a couple of times and didn't pick up on anything but I always overlook key points in things like this.

Cheers :)
IANAL (I am not a lawyer), but there are several items in there that at least raise questions. It will all depend on what exactly of theirs you are including in your program, how, and what they define things as.

Perhaps if you explain what you will be doing with their cert in your code, it will be easier to answer.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: (Quick) Proof Read an Agreement

Post by Chris Corbyn »

Roja wrote:
d11wtq wrote:I want to inlcude TLS support for Gamil servers in Swift.... I need the Thwate signed certificate to even begin developing this.

I want to be 100% sure that I'm ok to distribute a copy of the certificate with my GPL library.

The terms I will be bound by are:
...
Can anyone see anything in there that is rough territory when providing this library as a free, 100% open source download? I've read it a couple of times and didn't pick up on anything but I always overlook key points in things like this.

Cheers :)
IANAL (I am not a lawyer), but there are several items in there that at least raise questions. It will all depend on what exactly of theirs you are including in your program, how, and what they define things as.

Perhaps if you explain what you will be doing with their cert in your code, it will be easier to answer.
Thanks :) I'll explain.

Swift is an email client at heart (albeit without a GUI). To send email via Gmail SMTP servers the first thing you need to do is negotiate a TLS handshake (a form of SSL/certificate security I believe). Once that has been done the user should be able to provide their Gmail username/password and relay mail via the SMTP server. It's basically so that only Gmail users can send email through Gmail servers - but Gmail users don't even have the chance with my Library right now because of this TLS issue.

Now, Gmail use the Thwarte certificate so this is what I need to download (among others for other servers implementing TLS). I litterally need this certificate purely for Swift to function with Gmail that's all really :)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Thunderbird has TLS support and works with Gmail perfectly.. so unless I'm missing something, you should be able to use it too.

However, as always with potential legal issues, I suggest seeking the advice of a lawyer. Groklaw's lawyers may be particularly knowledgable about this.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

feyd wrote:Thunderbird has TLS support and works with Gmail perfectly.. so unless I'm missing something, you should be able to use it too.

However, as always with potential legal issues, I suggest seeking the advice of a lawyer. Groklaw's lawyers may be particularly knowledgable about this.
Lawyers cost money :( I'm not doing this for profit. By the sounds of it I can include the certificate, along with the trademarks etc to Thawte and use it. Grr... I'm a bit over cautious....
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

What the heck was I thinking trying to incorporate TLS into my library?!! I've been staring at the RFC's for so long that my eyes are actually starting to wander when I read text 8O. Probably better if I could just look at the implementation elsewhere - if only my C knowledge was anything but tiny... all the examples in the RFC are C based :(
Post Reply