<p>Verify that a chain of credentials is valid (see cert.py:verify). In
addition to the checks for ordinary certificates, verification also
ensures that the delegate bit was set by each parent in the chain. If
-a delegate bit was not set, then an exception is thrown.</p>
+a delegate bit was not set, then an exception is thrown.
+
+Each credential must be a subset of the rights of the parent.</p>
</dd>
</dl>
</body></html>