Home > Repository

IP-Formation PKI Disclosure Statement

Version 1
  1. CA contact info: IP-Formation, 25 rue Claude Tillier 75012 PARIS E-Mail: ca-support@ip-formation.com, Web:
    <http://www.ip-formation.com>, Tel: +33 155432665, Fax: +33 155432664.

  2. Certificate type, validation procedures, and usages: The ip-formation Trust Network (VTN) is a PKI that accommodates a large, public community of users. Applications include digitally signing and authenticating identities and other attributes for e-mail, web forms, web sites, and encrypting/decrypting information.

    • ip-formation Class 1 Individual Certificates modestly enhances the security of some of these applications by assuring that a certificate's subject and e-mail address are included unambiguously within ip-formation's repository. Class 1 Certificates provide assurances that communications originate from a particular source. Class 1 Certificates do not provide proof of identity.

    • ip-formation Class 2 Individual Certificates provide a reasonable level, but not fool-proof assurance, of a subscriber's identity. Enterprise customers using Managed PKI validate certificate applicants by checking certificate applicants' identities against enterprise business records or databases. Identities may also be authenticated by comparing certificate applications to records kept by third parties such as credit bureaus.

    • ip-formation Class 3 Individual Certificates provides validation of identity via in-person presentation of identification credentials or other enhanced procedures. These certificates are typically suitable for applications such as electronic banking and contracting. ip-formation Class 3 Certificates provide a higher level of assurance of a subscriber's identity. See http://www.ip-formation.com/repository/CPS

    • ip-formation Class 3 Organizational Certificates provide assurances to an entity trying to authenticate an organization, such as an organization having a Website. Validation of certificate applicants includes comparison of certificate application information to information in third-party business databases or official records provided by the applicant, supplemented by independent contacts with the organization.

  3. Reliance limits: ip-formation does not set reliance limits for Class 1, 2, and 3 certificates. Reliance limits may be set by applicable law or by agreement. See Limitation of Liability, below.

  4. Obligations of subscribers: Subscribers must provide accurate information on their certificate applications, review the certificate to establish its accuracy before using it, reasonably protect their private keys from theft and unauthorized use by or disclosure to others, and notify ip-formation upon suspected private key compromise. WARNING: If a subscriber's private key is compromised, unauthorized persons could decrypt or sign messages with the key and commit the subscriber to unauthorized obligations. See http://www.ip-formation.com/repository/PrivateKey_FAQ

  5. Certificate status checking obligations of relying parties: A relying party may justifiably rely upon a certificate only after confirming that the certificate has not been revoked or expired at https://digitalid.ip-formation.com/ and determining that such certificate provides adequate assurances for its intended use.

  6. Limited warranty & disclaimer/ Limitation of liability: ip-formation has a warranty program, the NetSureSM Protection Plan ("Plan").
    See https://www.ip-formation.com/repository/netsure/summary.
    EXCEPT AS PROVIDED UNDER THE PLAN, ip-formation'S SERVICES ARE PROVIDED "AS IS." ip-formation DISCLAIMS ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS STATED IN THE PLAN, ip-formation'S TOTAL LIABILITY TO ALL PARTIES DAMAGED BY A PARTICULAR CERTIFICATE SHALL NOT EXCEED $1000 FOR A CLASS 1 CERTIFICATE, $5,000 FOR A CLASS 2 CERTIFICATE, OR $100,000 FOR A CLASS 3 CERTIFICATE. See Section 2.2.1.3 of the ip-formation CPS https://www.ip-formation.com/repository/CPS/

  7. Applicable agreements, Certification Practice Statement, Certificate Policy: Subscriber agreements: see https://www.ip-formation.com/repository/subscriber/index.html; Relying Party Agreements see http://www.ip-formation.com/repository/rpa/index.html; ip-formation CPS: see http://www.ip-formation.com/repository/CPS.

  8. Privacy policy: Personal data is not shared without subscriber consent. See http://www.ip-formation.com/truste/index.html.

  9. Refund policy: Unconditional refund for 30 days; thereafter, only upon breach by ip-formation. See http://www.ip-formation.com/repository/refund;.

  10. Applicable law and dispute resolution: California: California law. US/Canadian subscribers: disputes resolved in courts within jurisdiction over Santa Clara County, CA; Non US/Canadian subscribers: arbitration via the International Chamber of Commerce http://www.iccwbo.org;. National law may restrict cross border movement of private keys and the encryption capacity they represent.

  11. CA and repository licenses, trust marks, and audit: Approved as a Certification Authority in multiple states. See
    http://www.ip-formation.com/repository/licenses.html;
    TRUSTe see http://www.truste.org , SecureSite, see
    https://seal.ip-formation.com/splash?form_file=fdf/splash.fdf&type=GOLD&sealid=2&dn=WWW.ip-formation.COM&lang=en.
    Annual SAS 70 Type 2 Audit and WebTrust for CA Audit performed by KPMG LLP, see https://cert.webtrust.org/ViewSeal?id=304.
Note: This ip-formation PKI Disclosure Statement is applicable to ip-formation Trust NetworkSM certificates issued through ip-formation, Inc. The practice related to certificates issued through ip-formation affiliate may vary, due to local requirements.