On 11/15/2013 12:52 PM, Dave Cridland wrote: Hi, > That's not quite what Ralf is asking for. He's asking for (one of the) > pinning mechanisms which allow a certificate transition to itself be > authenticated. @Ralf: sorry for not misinterpreting your proposal. @Dave: thanks for the correction. Winfried