Question :
Suppose that you receive an email from someone claiming to be Alice, and the email included a digital certificate that contains M = ("Alice", Alice's public key) and [h(M)]_CA, where CA is a certificate authority.
How do you verify the signature? Be precise. Why do you need to bother to verify the signature? Suppose that you trust the CA who signed the certificate.
Then, after verifying the signature, you will assume that only Alice possesses the private key that corresponds to the public key contained in the certificate.
Assuming that Alice's private key has not been compromised, why is this a valid assumption?
Assuming that you trust the CA who signed the certificate, after verifying the signature, what do you know about the identity of the sender of the certificate?