Erik,

I don't believe the proposal is fully adequate.

It is currently proposed:

    An ordered list of public-key certificates starting with a public-key certificate signed by a trust anchor and ending with the public-key certificate to be validated.

We currently have:

    CertificationPath ::= SEQUENCE {
        userCertificate     Certificate,
        theCACertificates   SEQUENCE OF CertificatePair OPTIONAL }

The proposed definition does not match with the ASN.1 definition.

I would rather propose:

    An ordered list of public-key certificates starting with the public-key certificate to be validated, optionally followed by an ordered list of CA certificates, the last one being signed by a trust anchor.

Denis Pinkas
Bull SAS

From: "Erik Andersen" <era@xxxxxxx>
To: "Directory list" <x500standard@xxxxxxxxxxxxx>, "SG17-Q11" <t09sg17q11@xxxxxxxxxxxxx>
Date: 22/07/2011 17:20
Subject: [x500standard] DR on def of certification path
Sent by: x500standard-bounce@xxxxxxxxxxxxx

After some discussion, especially on the PKIX list, there seems to be some consensus on the definition of certification path. This consensus is reflected in DR 369 (see http://www.x500standard.com/uploads/Ig/DR_369.pdf ).

Erik Andersen
Andersen's L-Service
Elsevej 48, DK-3500 Vaerloese
Denmark
Mobile: +45 2097 1490
e-mail: era@xxxxxxx
Skype: andersen-erik
http://www.x500.eu/
http://www.x500standard.com/
http://dk.linkedin.com/in/andersenerik
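
Added example, not part of the thread: the two orderings under discussion, converted from the ASN.1 order (certificate to be validated first) to the DR 369 prose order (certificate signed by the trust anchor first). Assumptions: certificates are constructed name-only stand-ins with no signature check, each CertificatePair is reduced to a single certificate, and the CA list is ordered as in Denis Pinkas's proposed wording; `Cert`, `anchor_first` and all names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a public-key certificate (names only, no signature)."""
    subject: str
    issuer: str

@dataclass
class CertificationPath:
    """Shape of the ASN.1 in the thread: target first, CA certificates optional.
    Assumption: each CertificatePair is reduced to the one certificate used for chaining."""
    user_certificate: Cert
    the_ca_certificates: Optional[List[Cert]] = None

def anchor_first(path: CertificationPath, trust_anchor: str) -> List[Cert]:
    """Return the certificates in the DR 369 prose order: the certificate signed
    by the trust anchor first, the certificate to be validated last."""
    chain = [path.user_certificate] + list(path.the_ca_certificates or [])
    # Name chaining: every certificate must be issued by the subject of the next.
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            raise ValueError(f"{child.subject!r} is not issued by {parent.subject!r}")
    # The last certificate in ASN.1 order is the one signed by the trust anchor.
    if chain[-1].issuer != trust_anchor:
        raise ValueError(f"path does not end at trust anchor {trust_anchor!r}")
    return chain[::-1]

# Constructed sample data: Root CA (trust anchor) -> Policy CA -> Issuing CA -> alice
SAMPLE = CertificationPath(
    user_certificate=Cert("CN=alice", "CN=Issuing CA"),
    the_ca_certificates=[Cert("CN=Issuing CA", "CN=Policy CA"),
                         Cert("CN=Policy CA", "CN=Root CA")],
)

if __name__ == "__main__":
    for cert in anchor_first(SAMPLE, "CN=Root CA"):
        print(f"{cert.subject}  (issued by {cert.issuer})")
```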