Selon Aleksey Sanin <aleksey at aleksey.com>: > Good catch! Fixed. What really surprised me is that I saw that bug trying to sign with the "fake" root certificate of the page http://www.aleksey.com/xmlsec/xmldsig-verifier.html !