Page:Electronic Transactions Ordinance (Cap. 553).pdf/26

ELECTRONIC TRANSACTIONS ORDINANCE PART X '''36. Publication of issued and accepted certificates'''

(1) Where a subscriber accepts a recognized certificate issued by a recognized certification authority, the certification authority must publish the certificate in a repository.

(2) If the subscriber does not accept the recognized certificate, the recognized certification authority must not publish it.

37. Recognized certification authority to use trustworthy system

A recognized certification authority must use a trustworthy system in performing its services—
 * (a) to issue or withdraw a recognized certificate; or
 * (b) to publish in a repository or give notice of the issue or withdrawal of a recognized certificate.

38. Presumption as to correctness of information

It shall be presumed, unless there is evidence to the contrary, that the information contained in a recognized certificate issued by a recognized certification authority (except information identified as subscriber’s information which has not been verified by the recognized certification authority) is correct if the certificate was published in a repository.

39. Representations upon issuance of recognized certificate

By issuing a recognized certificate, a recognized certification authority represents to any person who reasonably relies on the information contained in the certificate or a digital signature verifiable by the public key listed in the certificate, that the recognized certification authority has issued the certificate in accordance with any applicable certification practice statement incorporated by reference in the certificate, or of which the relying person has notice.