37 Representations upon publication
By publishing a certificate, a licensed certification authority certifies to the repository in which the certificate is published and to all who reasonably rely on the information contained in the certificate that the licensed certification authority has issued the certificate to the subscriber.
Representations and duties upon acceptance of certificate
38 Implied representations by subscriber
By accepting a certificate issued by a licensed certification authority, the subscriber listed in the certificate certifies to all who reasonably rely on the information contained in the certificate that-
(a) the subscriber rightfully holds the private key corresponding to the public key listed in the certificate;
(b) all representations made by the subscriber to the licensed certification authority and material to information listed in the certificate are true; and
(c) all material representations made by the subscriber to a licensed certification authority or made in the certificate and not confirmed by the licensed certification authority in issuing the certificate are true.
39 Representations by agent of subscriber
By requesting on behalf of a principal the issuance of a certificate naming the principal as subscriber, the requesting person certifies in that person's own right to all who reasonably rely on the information contained in the certificate that the requesting person-
(a) holds all authority legally required to apply for issuance of a certificate naming the principal as subscriber; and
(b) has authority to sign digitally on behalf of the principal, and, if that authority is limited in any way, adequate safeguards exist to prevent a digital signature exceeding the bounds of the person's authority.
40 Disclaimer or indemnity limited
No person may disclaim or contractually limit the application of this Chapter, nor obtain indemnity for its effects, if the disclaimer, limitation or indemnity restricts liability for misrepresentation as against persons reasonably relying on the certificate.
41 Indemnification of licensed certification authority by subscriber
(1) By accepting a certificate, a subscriber undertakes to indemnify the issuing licensed certification authority for any loss or damage caused by issuance or publication of the certificate in reliance on-
(a) a false and material representation of fact by the subscriber; or
(b) the failure by the subscriber to disclose a material fact, if the representation or failure to disclose was made either with intent to deceive the licensed certification authority or a person relying on the certificate, or with negligence.
(2) Where the licensed certification authority issued the certificate at the request of one or more agents of the subscriber, the agent or agents personally undertake to indemnify the licensed certification authority under this section, as if they were accepting subscribers in their own right.
(3) The indemnity provided in this section shall not be disclaimed or contractually limited in scope.
42 Certification of accuracy of information given
In obtaining information of the subscriber material to the issuance of a certificate, the licensed certification authority may require the subscriber to certify the accuracy of relevant information under oath or affirmation.
Control of private key
43 Duty of subscriber to keep private key secure
By accepting a certificate issued by a licensed certification authority, the subscriber named in the certificate assumes a duty to exercise reasonable care to retain control of the private key and prevent its disclosure to any person not authorized to create the subscriber's digital signature.
44 Property in private key
A private key is the personal property of the subscriber who rightfully holds it.
45 Licensed certification authority to be fiduciary if holding subscriber's private key
Where a licensed certification authority holds the private key corresponding to a public key listed in a certificate which it has issued, the licensed certification authority shall hold the private key as a fiduciary of the subscriber named in the certificate, and may use that private key only with the subscriber's prior written approval, unless the subscriber expressly and in writing grants the private key to the licensed certification authority and expressly and in writing permits the licensed certification authority to hold the private key according to other terms.
Suspension of certificate
46 Suspension of certificate by issuing licensed certification authority
(1) Unless the licensed certification authority and the subscriber agree otherwise, the licensed certification authority which issued a certificate, which is not a transactional certificate, shall suspend the certificate for a period not exceeding forty-eight hours-
(a) upon request by a person identifying himself as the subscriber named in the certificate, or as a person in a position likely to know of a compromise of the security of a subscriber's private key, such as an agent, business associate, employee or member of the immediate family of the subscriber; or
(b) by order of the Commission under section 33.
(2) The licensed certification authority shall take reasonable measures to check the identity or agency of the person requesting suspension.