The current Comparator (sun.security.provider.certpath.ForwardBuilder$PKIXCertPathComparator) uses a complex algorithm to determine the priority order of certificates to be traversed when there is more than one candidate. A simpler algorithm is one which sorts candidate certificates based on just a couple of criteria such as their subject and authority key identifiers (SKIDs and AKIDs), and which is usually sufficient for certificates that contain SKID/AKIDs.