Last active
July 11, 2016 15:49
-
-
Save lolo32/a71304971b7b4ab87ef18f4f578998ea to your computer and use it in GitHub Desktop.
LET'S ENCRYPT SUBSCRIBER AGREEMENT - Differences between releases
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Definitions and Terms | |
Add a definition: | |
"Key Compromise " - A Private Key is said to be compromised if its value has been disclosed to an unauthorized person, an | |
unauthorized person has had access to it, or there exists a practical technique by which an unauthorized person may discover | |
its value. A Private Key is also considered compromised if methods have been developed that can easily calculate it based on | |
the Public Key or if there is clear evidence that the specific method used to generate the Private Key was flawed. | |
3.1 Warranties | |
Removed paragraph waying that you will "not use Your Certificates to attack, defraud or intercept the traffic of others." | |
Add the precision that the user warrant "to ISRG and the public -at-large" for all warranty | |
Add this paragraph "ou warrant to ISRG and the public -at-large that You rightfully hold the Private Key corresponding to the | |
Public Key listed in Your Certificate." | |
Enforce precision saying that you must keep all protections to protect your Private Key and all secret datas. | |
3.4 Key Pair Generation | |
Add this mention: "Your Private and Public Keys will remain Your property." | |
3.5 Inspection and Acceptance of Certificates | |
Add the precision that the user warrant "to ISRG and the public -at-large" for all warranty | |
3.6 Use of Your Certificate renamed to 3.6 Installation and Use of Your Certificate | |
This section were rewritted, from | |
"The purpose of Your Certificate is to encrypt Internet communications. ISRG is not responsible for any legal or other | |
consequences resulting from or associated with the use of Your Certificate. You agree that You will not use Your Certificate | |
for any purpose requiring fail -safe performance, such as the operation of public utilities or power facilities, air traffic | |
control or navigation systems, weapons systems, or any other systems, the failure of which would reasonably be expected to lead | |
to bodily injury, death or property damage." | |
to | |
"You may reproduce and distribute Your Certificate on a nonexclusive and royalty -free basis, provided that it is reproduced | |
and distributed in full and in compliance with this Agreement. You warrant to ISRG and the public -at-large, and You agree , | |
that You will install Your Certificate only on servers that are accessible at the subjectAltName(s) listed in Your Certificate, | |
and that you will use Your Certific ate solely in compliance with all applicable laws and solely in accordance with this | |
Agreement. Your Certificate will remain the property of ISRG, subject to Your right to use it as set forth in this Agreement. | |
The purpose of Your Certificate is to authenticate and encrypt Internet communications. ISRG is not responsible for any legal | |
or other consequences resulting from or associated with the use of Your Certificate. You agree that You will not use Your | |
Certific ate for any purpose requiring fail -safe performance, such as the operation of public utilities or power facilities, | |
air traffic control or navigation systems , weapons systems, or any other systems, the failure of which would reasonably be | |
expected to lead to bodily injury , death or property damage." | |
3.7. When to Revoke Your Certificate | |
Rewrite of a part of the Agreement, from: | |
"You must immediately request that Your Certificate be revoked if: (i) You suspect or discover that Your Private Key has been, | |
or is in danger of being, lost, stolen, otherwise compromised, or subjected to unauthorized use , or (ii) any information in | |
Your Certificate is no longer accurate, current or complete, or any such information becomes misleading." | |
to | |
"You warrant to ISRG and the public -at-large, and You agree , that You will immediately request that Your Certificate be | |
revoked if: (i) there is any actual or suspected misuse or Key C ompromise of the Private Key associated with the Public Key | |
included in Your Certificat e, or (ii) any information in Your Certificate is, or becomes, misleading, incorrect or inaccurat." | |
3.8 When to Cease Using Your Certificate | |
Removed point "You suspect or discover that the Private Key corresponding to Your Certificate has been or may be stolen, lost, | |
or otherwise compromised or subjected to unauthorized use" | |
Small rewrite, but seams to be the same | |
3.9 When to Cease Using Your Private Key | |
Add entirelly new section: | |
"You warrant to ISRG and the public -at-large, and You agree, that You will promptly cease all use of the Private Key | |
corresponding to the Public Key included in Your Certificate upon revocation of Your Certificate for reasons of known or | |
suspect ed Key Compromise." | |
4.1 Privacy | |
Change the last part that explain all the usage of private informations to | |
"ISRG's collection, storage, use and disclosure of such information are governed by the Let's Encrypt Privacy Policy at: | |
https://letsencrypt.org/privacy/." | |
4.3 Suspension and Revocation | |
Add some precisions to the first paragraph | |
Add to the rule (v) "(including this Agreement)" | |
Add two more rules: | |
"(vi) Your Certificate is being used, or has been used, to enable any criminal activity (such as phishing attacks, fraud or | |
the distribution of malware); | |
(vii) Your Certificate is being used, or has been used, to intercept the traffic of others;" | |
4.4 IMPORTANT DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY | |
Change "LET'S ENCRYPT CERTIFICATES" | |
to "EXCEPT AS EXPRESSLY SET FORTHIN ISRG'S CERTIFICATE POLICY AND CERTIFICATE PRACTICE STATEMENT, LET'S ENCRYPT CERTIFICATES" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment