I wonder what the 3ds checks in the certificate, or just clients in general, what is the common practice. If I'm correct, everything except the public key is spoof-able, since it has a private pair which we can't guess. All the to-be-verified information about the certification, including the...