On Sun, 08 Jun 2003 11:34:20 BST, you said:

> > a digital signature *could* be binding even if it's invalid
>
> If it is legal binding, when if the CA signs my certificate would also
> be a legal binding act? Since a certificate is a document that has a
> digital signature.
>
> False certification would make CA in trouble regardless of their
> disclaimer.

Verisign found that out the hard way with the bogus Microsoft certificate.

The *bigger* problem is that a very high percentage of the private keys out there are probably stored on one particular series of operating systems that are well known for their security flaws - and as such, attacking said machines with malware designed to harvest keys is a high-profit attack.