On Sun, 08 Jun 2003 11:34:20 BST, you said:
a digital signature *could* be binding even if it's invalid
If it is legally binding, then when the CA signs my certificate, would that
also be a legally binding act? Since a certificate is a document that has a
digital signature.
False certification would get the CA in trouble regardless of their
disclaimer.
Verisign found that out the hard way with the bogus Microsoft certificate.
The *bigger* problem is that a very high percentage of the private keys out
there are probably stored on one particular series of operating systems that
are well known for their security flaws - and as such, attacking said machines
with malware designed to harvest keys is a high-profit attack.