A certification path is currently defined a going from the end-entity toward the trust anchor. I would be convenient to defined a forward certification path equivalent to a certification path and a reverse communication path going from the a CA-certificate signed by the trust anchor down to the end-entity public-key certificate. Any comments? Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@xxxxxxx Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ <http://dk.linkedin.com/in/andersenerik> http://dk.linkedin.com/in/andersenerik