* Daniel Pocock: > Just out of interest, a CA can re-issue their root cert with the same > key pair but a stronger hash. This type of thing has happened before. That's possible because the self-signature is not actually meaningful. 8-) It's different further down the tree, and some protocols (including TLS) do not allow multiple certification chains.