On Sat, 07 Jun 2003 08:30:34 BST, Haren Visavadia <haren@btopenworld.com> said:

> The CA holds no warranty, making the certificate invalid in legal terms,
> since they can not prove the certificate is yours.

IANAL, but you better check with a lawyer on that one. Depending where you live, a digital signature *could* be binding even if it's invalid... Yes, there's some broken legislation out there...

Also, remember that a signature merely proves the signed data and the public key were accessible to a computational device at the same time. This is a LONG stretch from actually meaning you signed it intentionally. See Schneier's "Secrets and Lies", there's a whole chapter on this point, or just wait till somebody you know gets nailed with the next Sobig/Nimda/Klez or whatever, and ask if any of the mail they sent out was intentional. ;)