The certificateless signature scheme can suffer from public key replacement attack so that any one can forge a valid signature on any message.

该方案能受到替换公钥攻击，以至于任何人都能对任何消息成功伪造签名。

Wrapping attacks aim at injecting a faked element into the message structure so that a valid signature covers the unmodified element while the faked one is processed by the application logic.

波鸿鲁尔大学专家在2009年发表的研究论文中阐述道：“包装攻击旨在向信息结构中注入一个伪造的元素，在应用逻辑处理伪造元素的同时，有效签名可以覆盖未改过的元素。

It USES a default signature algorithm, SHA1 with DSA, to create a self-signed certificate valid for 180 days.

它使用默认的签名算法(SHA1和DSA)创建一个带有自我签名的证书，有效期为180天。

By verifying the signature, inquirers using the registry can also be assured that a signed entity is valid and that the publisher represented by the signature created it.

通过验证签名，使用注册中心的查询程序还可以确信一个经过签名的实体是有效的，并且它是由这个签名所代表的发布者创建的。

The signature is still cryptographically valid, as the body element in question has not been modified (but simply relocated).

因为消息体元素本身没有被修改（只是简单转移了位置），所以从密码学角度签名任然有效。