Hello,
I have another question to security in the web. If I understand it correctly certificates are for identify who you really are. So the man in the middle attack isn't possible. But when I see this image:
I think a man in the middle attack is possible. You could split the Signature, the certificate from the data. Make your own signature with your fake data and send the fake data with the fake signature (but the right certificate) to the server/client.
What I also not understand in this picture is where the certificate gets checked, on the verification side.
thanks.
SCBoy