36
NO. 16 OF 2010
- accredited certification authority or recognised certification authority complied with the requirements of this Act; or
- (b) in excess of the amount specified in the certificate as its recommended reliance limit for either—
- (i) a loss caused by reliance on a misrepresentation in the certificate of any fact that the accredited certification authority or recognised certification authority is required to confirm; or
- (ii) failure to comply with paragraphs 14 and 15 in issuing the certificate.
PART II
DUTIES OF CERTIFICATION AUTHORITY
Trustworthy system
12. A certification authority must utilise trustworthy systems in performing its services.
Disclosure
13.—(1) A certification authority shall disclose—
- (a) its certificate that contains the public key corresponding to the private key used by that certification authority to digitally sign another certificate (referred to in this paragraph as a certification authority certificate);
- (b) any relevant certification practice statement;
- (c) notice of the suspension or revocation of its certification authority certificate; and
- (d) any other fact that materially and adversely affects either the reliability of a certificate that the authority has issued or the authority’s ability to perform its services.
(2) In the event of an occurrence that materially and adversely affects a certification authority’s trustworthy system or its certification authority certificate, the certification authority shall—
- (a) use reasonable efforts to notify any person who is known to be or foreseeably will be affected by that occurrence; or
- (b) act in accordance with procedures governing such an occurrence specified in its certification practice statement.
Issuance of certificate
14.—(1) A certification authority may issue a certificate to a prospective subscriber only after the certification authority—
- (a) has received a request for issuance from the prospective subscriber; and