ELECTRONIC TRANSACTIONS
37
- (b) has—
- (i) if it has a certification practice statement, complied with all of the practices and procedures set forth in such certification practice statement including procedures regarding identification of the prospective subscriber; or
- (ii) in the absence of a certification practice statement, complied with the conditions in sub-paragraph (2).
(2) In the absence of a certification practice statement, the certification authority shall confirm by itself or through its authorised agent that—
- (a) the prospective subscriber is the person to be listed in the certificate to be issued;
- (b) if the prospective subscriber is acting through one or more agents, the subscriber authorised the agent to have custody of the subscriber’s private key and to request issuance of a certificate listing the corresponding public key;
- (c) the information in the certificate to be issued is accurate;
- (d) the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate;
- (e) the prospective subscriber holds a private key capable of creating a digital signature; and
- (f) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the prospective subscriber.
Representations upon issuance of certificate
15.—(1) By issuing a certificate, a certification authority represents to any person who reasonably relies on the certificate or a digital signature verifiable by the public key listed in the certificate that the certification authority has issued the certificate in accordance with any applicable certification practice statement incorporated by reference in the certificate, or of which the relying person has notice.
(2) In the absence of such certification practice statement, the certification authority represents that it has confirmed that—
- (a) the certification authority has complied with all applicable requirements of this Act in issuing the certificate, and if the certification authority has published the certificate or otherwise made it available to such relying person, that the subscriber listed in the certificate has accepted it;
- (b) the subscriber identified in the certificate holds the private key corresponding to the public key listed in the certificate;
- (c) the subscriber’s public key and private key constitute a functioning key pair;
