On Sat, 07 Jun 2003 08:30:34 BST, Haren Visavadia
<haren(_at_)btopenworld(_dot_)com> said:
The CA holds no warranty, making the certificate invalid in legal terms,
since they can not prove the certificate is yours.
IANAL, but you better check with a lawyer on that one. Depending where you
live, a digital signature *could* be binding even if it's invalid... Yes,
there's some broken legislation out there...
Also, remember that a signature merely proves the signed data and the
public key were accessible to a computational device at the same time.
This is a LONG stretch from actually meaning you signed it intentionally.
See Schneier's "Secrets and Lies", there's a whole chapter on this point,
or just wait till somebody you know gets nailed with the next Sobig/Nimda/Klez
or whatever, and ask if any of the mail they sent out was intentional. ;)
pgpumpJz7NCbm.pgp
Description: PGP signature