Malaysia Legislation


P.U.(A) 359/98
DIGITAL SIGNATURE REGULATIONS 1998



THIRD SCHEDULE [Subregulation 35(2)] - PARTICULARS TO BE INCORPORATED IN CERTIFICATION PRACTICE STATEMENT

1. A statement as to the purpose and effect of the Certification Practice Statement.

2. A statement advising the potential subscriber to ensure that before the potential subscriber applies for, uses or relies upon a certificate issued by the licensed certification authority -




3. A statement of the services provided by the licensed certification authority and the fees and charges therefor.

4. A statement with regard to the operating procedure of the licensed certification authority, in particular in relation to the application for and the issue, suspension and revocation of, certificates.

5. A statement with regard to the different classes of certificates available and that the potential subscriber must decide which class of certificate is right for the subscriber's needs.

6. A statement with regard to the determination of the recommended reliance limit for a certificate and that the potential subscriber must decide the amount of the recommended reliance limit that is right for the subscriber's needs.

7. A statement with regard to the procedure for claims against the licensed certification authority.

8. A statement with regard to the protection and use of data obtained from the potential subscriber.

9. A statement advising the potential subscriber in respect of the generation of key pairs and the need to keep the private key secure from compromise and in a trustworthy manner and that software and hardware used must satisfy the technical components prescribed under the Digital Signature Act 1997.

10. A statement advising the potential subscriber that before communicating any certificate to another person, or otherwise inducing their use or reliance on it, the subscriber must accept the certificate, and that upon such acceptance, certain representations by the subscriber will be implied.

11. A statement advising the potential subscriber to immediately notify the licensed certification authority of the compromise of the subscriber's private key.

12. A statement advising the potential subscriber that if the subscriber is the recipient of a digital signature or certificate, the subscriber, as recipient, is responsible for deciding whether to rely on it, and that before making that determination, the subscriber should check the repository of the licensed certification authority issuing the certificate or certifying the public key listed in the certificate to confirm that the certificate is valid and not revoked or suspended. Then the subscriber should use the certificate the subscriber received to verify that the digital signature received was created during the operational period of the certificate by the private key corresponding to the public key listed in the certificate, and that the message associated with the digital signature received has not been altered.

13. A statement advising the potential subscriber that data with digital signatures may need to be re-signed before the security value of an available digital signature decreases with time.

14. A statement advising the potential subscriber that if a time-stamp is required under any written law or if a particular time may be significant with regard to the use of digitally signed data, a time-stamp by a recognised date/time stamp service should be appended or attached to the message or digital signature or other document.