>OK, so what happens when someone else uses my address, perhaps using > my passport, captured from some mail sent by me to someone? > I think the term of art is "being Joe Jobbed". > Every now and then, I get a bounced report that claims something I sent > is being returned, but it was not sent by me. This "something" is most >often spam sent to someone else. Sometimes it contains a virus. > Apparently this is a trick to get me to open it. The CA holds no warranty, making the certificate invalid in legal terms, since they can not prove the certificate is yours.