Page 25: "accept only those users found there" --> "accept only those users whose certificates are found there". Page 32: Is the error code 3 supposed to be used as well if the certificate fails to verify (as opposed to the certificate being OK, but the signature failing)? Probably another error code would be better...