24. Foreseeability of Reliance on Certificates. It may be presumed that persons relying on a digital signature also will rely on a valid certificate containing the public key by which the digital signature can be verified.

Source: Singapore Electronic Transactions Act §23.

Comments: This section acknowledges that a recipient of a digitally signed message will rely on a certificate to determine whether the message was signed by the sender. A recipient of an electronic record signed with a digital signature will assume that the certificate is valid and rely upon the certification authority’s representations in the certificate that the signer is indeed the subscriber that is listed on the certificate. However, reliance on the integrity of the certificate is only foreseeable during the operational period of the certificate.

25. Prerequisites to Disclosure of Certificate. A person shall not publish a certificate or otherwise make it available to anyone known by that person to be in a position to rely on the certificate or on a digital signature that is verifiable with reference to a public key listed in the certificate, if such person knows that:

(a) the certification authority listed in the certificate has not issued it;

(b) the subscriber listed in the certificate has not accepted it; or

(c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

Source: Singapore Electronic Transactions Act §24.

Comments: This section prevents the publication of a certificate if it does not meet the pre-requisites as set forth above. The underlying premise of this section is to prohibit a party from publishing a certificate if they know that the certificate was not issued by a certification authority, the subscriber listed in the certificate has not accepted it, or the certificate has been suspended or revoked. The purpose of this section is to discourage fraudulent activity and encourages due care on the part of those issuing certificates. This section applies to certification authorities, subscribers named in the certificate and third parties.

26. Publication for Fraudulent Purpose. Any person who knowingly creates, publishes or otherwise makes available a certificate for any fraudulent or unlawful purpose shall be guilty of an offense and shall be liable on conviction to imprisonment for a term not exceeding 2 years or a fine not exceeding Rs.1,00,000 or both.

Source: Singapore Electronic Transactions Act §25.

Comments: This section prohibits the publication of a certificate for fraudulent purposes. Under this section use of a certificate for fraudulent purposes is an offense punishable by imprisonment or fine or both.

27. False or Unauthorized Request. Any person who knowingly misrepresents to a certification authority his identity or authorization for the purpose of requesting a certificate or for suspension or revocation of a certificate shall be guilty of an offense and shall be liable on conviction to imprisonment for a term not exceeding 6 months or a fine not exceeding Rs. 50,000 or both.

Source: Singapore Electronic Transactions Act §26.