> Section 6 may or may not contradict this but the specification > of the certificates in section 4 states that a root certificates > requires a BasicConstraint. Why do you trust section 4? Why don't you trust section 6, instead? Aagain, section 4 is not readable (i.e. hard to understand or mis-leading). --Kazu