Reliance on certificates foreseeable
6. It is foreseeable that persons relying on a digital signature will also rely on a valid certificate containing the public key by which the digital signature can be verified.
Prerequisites to publication of certificate
7. No person may publish a certificate or otherwise make it available to a person known by that person to be in a position to rely on the certificate or on a digital signature that is verifiable with reference to a public key listed in the certificate, if that person knows that—
- (a) the certification authority listed in the certificate has not issued it;
- (b) the subscriber listed in the certificate has not accepted it; or
- (c) the certificate has been suspended or revoked, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
Publication for fraudulent or unlawful purpose
8. Any person who knowingly creates, publishes or otherwise makes available a certificate for any fraudulent or unlawful purpose shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 2 years or to both.
False or unauthorised request
9. Any person who knowingly misrepresents to a certification authority his identity or authorisation for the purpose of requesting for a certificate or for suspension or revocation of a certificate shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 6 months or to both.
Recommended reliance limit
10.—(1) An accredited certification authority or a recognised certification authority shall, in issuing a certificate to a subscriber, specify a recommended reliance limit in the certificate.
(2) The accredited certification authority or recognised certification authority may specify different reliance limits in different certificates as it considers fit.
Liability limits for accredited certification authorities
11. Unless an accredited certification authority or a recognised certification authority waives the application of this paragraph, an accredited certification authority or a recognised certification authority shall not be liable—
- (a) for any loss caused by reliance on a false or forged digital signature of a subscriber, if, with respect to the false or forged digital signature, the
