The author believes though the certificate authority takes the duty of tort and breach, when the user ignore keeping electronic signature safely resulting the damage of the signature, the certificate authority can get away from the responsibility. 笔者认为认证机构在承担违约责任与侵权责任的同时,当使用者未尽到妥善保管电子签名和当电子签名被侵害时及时通知各方的义务而对自己的利益造成损害时,认证机构不予承担责任。