Vint,
I agree. This is a good time fix our terminology and acronyms. The
role of the ISoc is to register PCAs. The fact that the ISoc will
issue certificates for the PCAs is a "mere implementation detail" and
not the right abstraction. So I strongly agree with characterizing
the ISoc operation as a registration authority. (Or even a term
weaker than "authority", although that has held up quite well for the
IANA.)
Now, what is it that's going to be registered? Not exactly
"certificates"; that is, the ISoc is not going to register all
certificates. It's really going to register a particular class of
certificate issuers. So you could call it the Internet Certificate
Issuers Registration Authority (ICIRA), or just Internet Certificate
Issuers Registry (ICIR). That doesn't capture the idea that only PCAs
are to be registered with the ICIR... I'll let someone else figure
out how much to cram into the name.
Moving on to "PCA", I find the terminology mildly troublesome. RFC
1114f uses the term Policy Certification Authority, but that seems
odd, as they don't really certify policies. They really authorize
other organizations to issue certificates. The only relevancs of
"policy" is that each PCA may have its own different policy for
certain aspects of the process. (And it must subscribe to the same
policies for other aspects, e.g. coordination of DNames.) So these
"PCAs" might better be called Certificate Issuer Registries, or just
CIRs.
I don't feel strongly about any of the above. I understand the issue
your counsel is raising, and I'll be happy with any reasonable
nomenclature, including the one you suggested, viz Internet
Certificate Registration Authority.
Steve