>Furthermore, Verisign already compromised its trust model in the worst way >some time ago when it let a complete stranger obtain a Microsoft signing >certificate.
The trust model comprised due to failure on the CA's part. The CA had failed to successfully identify who the person before issuing the certificate. This is one accident, but many more could occur in the future, resulting potentially fake certificate which could being used, to sign e-mail. Therefore the signature would not identify who the person is really.
