Generating the Credential File

HP Signing Policy for CSP Add-In Vendors for CDSA Version 1.2HP Signing Policy for CSP Add-In Vendors for CDSA Version 1.2

1.The vendor, whether a company incorporated in the United States or not, is responsible for obtaining a license from the Intel Corporation to gain access to the CDSA Software.

2.If the vendor is a company incorporated in the United States and will sign legally binding documents indicating the CSP add-in will be for North America (Canada and the United States) use only, HP will sign the company’s X.509 identity certificate and allow the vendor to use the signdll signing tool at a designated HP facility, to actually sign the CSP.

3.If the vendor is a company incorporated in the United States and indicates the CSP add-in module will be for world export, the vendor must first submit evidence of U.S. State Department approval for export of its CSP. Upon review and acceptance of the evidence, HP will sign the company’s X.509 identity certificate and allow the vendor to use the signdll signing tool at a designated HP facility, to actually sign the CSP.

HP may require other general legally binding documents to be signed for vendors in 2 and

3 above, including:

a.Declarations the vendor will follow United States law in any export of the CSP.

b.The vendor represents that it is responsible for its CSP. That is, that the vendor is responsible for all shipments out of North America and for complying with all United States regulations. The vendor is responsible for acquiring any required licenses.

4.Appropriate protocol will have to be determined for non-United States corporations in relation to their CSP products for North America and the rest of the world.

84

Appendix B