In your previous mail you wrote: Also: I think the MIP experience sez that we ought to consider whether we'd want such a PKI even if it were possible. => we leave the technical domain there... I've never seen a rational argument about this! Regards Francis.Dupont@enst-bretagne.fr