Doug Royer;
I agree. With my mortgage customers (MISMO.org related) I have
argued that private certs signed by their business partner is better than a
cert issued by a well known cert company. Anyone can buy a cert from
the well known company.
As long as the cert company is a bank, you deposite money to the
bank, the bank issues a cert for the amount of the money and your
bank account is checked and reduced at the time the cert is used,
there is no problem to use the bank as a well known cert company.
A problem is that there is no reason to use PK, then.
And if managed correctly
they can add/delete employees and application certs real time.
As it is realtime, we don't need complex features of PKI. We,
for example, don't need timestamps in certs nor CRLs.
A cert signed by your business partner
can not be bought from any vendor.
Still, with established interbank trust relationships, you and
your business partner can send and receive money through your
and partner's banks.
Execpt that you can use cryptographic security (most likely
shared secret ones), it is no different from the current
business style to use banks to send and receive money.
Masataka Ohta