CAcert uses term "Non-Related Persons" to describe end-users who are not "known" or related to the CA by means of a formally agreed contract. In document NRP-DAL, the end-users are offered licence to USE but not permitted to RELY. NRP-DaL was approved by Board at executive meeting decision m20070919.1. and was ratified at AGM of the Association 20071117. Minutes. Principles suggests that Community does not act to detriment of NRPs. Major risks to NRPs would include (a) inappropriate reliance (covered by NRP-DaL), and (b) non-avoidable risks/liabilities e.g., gross negligence. See §A.3.e. Obligations of subscribers. §B.2.c. Statement is published. David Ross's additional comments: My requirement A.6.a means that the CA should state that end users must be realistic in their expectations. If a subscriber meets the CA's criteria for obtaining a site certificate and is then bought out by another party who then uses the site certificate to commit fraud, end users might have to look to the subscriber (and possibly the police) and not the CA for redress. The statement for A.6.a should indicate, for example, what are the general risks to end users who rely on SSL, site certificates, and the integrity of the owners of site certificates. It might also state that the CA is limited in how it controls what happens after a subscriber certificate is issued and that the CA does not daily monitor the subscriber's overall operations and activities. This requirement is NOT a statement of liability; it instead describes the environment in which certificates are used, the limits of that use, and even how they are misused.