diff --git a/themis-results.md b/themis-results.md
new file mode 100644
index 0000000..11718b0
--- /dev/null
+++ b/themis-results.md
@@ -0,0 +1,8 @@
+|Certificate condition   |What themis does now (v0.4.19)     |What we want themis to do.      |
+|:-----------------------|:----------------------------------|:-------------------------------|
+|no peer certificates.   |`trust` of 0  |`trust` of 0|
+|peer certificate in a chain we *DO NOT* trust|`trust` of 1000|`trust` of 0|
+|peer certificate in a chain we *DO* trust|`trust` of 1000|`trust` of 1000|
+
+The existing check for `CommonName` and `DNSSuffixes` is a red herring. As long as we properly check the certificate chain, the right `trust` should be given.
+