Rev. 2011]
Kenya Information and Communications
CAP. 411A
limits on the value of transactions, where applicable;
(g) the secure electronic signature of the certification service provider
that verifies the information in the certificate;
(h) sufficient information that can be used to locate or identify one
or more repositories in which notification of the revocation or
suspension of the certificate would be listed, if the certificate is
suspended or revoked; and
(i) any other information as may be determined by the Commission
from time to time.
(2) A certification service provider shall determine, based on official
documents, the identity of the person to whom a certificate is issued and shall
specify, in the certification practice statement, the subscriber identity verification
method applied in the issuance of certificates.
(3) A certification service provider shall give a subscriber an opportunity
to verify the contents of the certificate before the subscriber accepts it.
(4) A certification service provider shall inform a subscriber, in writing,
the legal effect of an advanced electronic signature, the limitations on use of
certificates and the dispute resolution procedures, applicable.
(5) A certification service provider shall warn subscribers, in writing, not
to allow third parties to use signature creation data associated with signature
verification data in the certificate.
(6) Where the subscriber accepts the issued certificate, the certification
service provider shall publish a signed copy of the certificate in a repository in
accordance with regulation 8.
(7) Where the subscriber does not accept the certificate, the certification
service provider shall not publish the certificate.
(8) Once a certificate has been issued by the certification service provider
and accepted by the subscriber, the certification service provider shall notify
the subscriber, within a reasonable time, of any fact that subsequently becomes
known to the certification service provider that may significantly affect the
validity or reliability of the certificate.
(9) A certification service provider shall log and keep in a secure manner
the date and time of all transactions relating to the issuance of a certificate.
(10) Where a certification service provider issues an additional certificate
to a person on the basis of a valid certificate held by the same person and
subsequently the original certificate is suspended or revoked, the certification
service provider shall investigate and determine whether the new certificate
should also be suspended or revoked.
285
[Subsidiary]