It is suggested to add the following text after the CertificationPath data type: The userCertificate component shall hold the end-entity public-key certificate. The theCACertificates component may hold an element for each CA from the end-entity up to and including the CA been certified by the trust anchor. If the end-entity public-key certificate has been issued directly by the trust anchor, this component shall be absent. The CertificatePair data type is defined in 11.2.3. The issuedToThisCA component of the CertificatePair data type shall be present to ensure an unbroken certification path. NOTE - the order of elements in a CertificationPath instance is opposite to the order of a certification path. Any comment? Erik Andersen Andersen's L-Service Elsevej 48, DK-3500 Vaerloese Denmark Mobile: +45 2097 1490 e-amail: era@xxxxxxx Skype: andersen-erik http://www.x500.eu/ http://www.x500standard.com/ <http://dk.linkedin.com/in/andersenerik> http://dk.linkedin.com/in/andersenerik