Sead,
Sorry that I have not replied sooner, but I was on vacation last Friday.
Allow me to respond to some of your comments.
1. All verifications of certificates are performed LOCALLY
at the user station, since all valid certificates (your own,
plus all up to the top of PEM hierarchy - IPRA, plus all of
your partners and all those from them up to the top) are
earlier retrieved, verified and stored in your local
database.
2. When you initially register, generate your certificate
and send it to your CA for signature, you will receive back
from your local CA: (1) your own signed certificate, (2)
your CA's certificate, and (3) all certificates at your
branch, up to the top of the hierarchy. In the moment when
you receive them, your user PEM agent will automatically
verify them and if OK, store them in your local database.
3. When you receive the PEM letter from someone, it will
contain two certificates: partner's and his/her CA's. If
that is not enough for verification (since these may belong,
completely or partially, to a certificate path outside of
yours), PEM user agent will automatically send special
Certificate request letter to the first CA in your
partner's path whose certificate is missing. The reply will
contain the required, plus all certificates up to the top of
the partner's path. When received, all these certificates
will be again verified and stored in your database.
One thing that bothers me about this strategy is how a PEM user agent knows
that the response it receives from the "first CA in your partner's path
whose certificate is missing" is not from some intruder. In particular
if that CA's secret key becomes compromised and consequently revoked, you
can't trust a PEM message from it. According to your description, I believe
this case would not be properly handled.
I think both John Lowry and Greg Bailey also describe what seems to me to
be significant problems with your approach.
Regards,
Dan Nessett
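
The case raised in the reply above, as an added example that is not part of the original message or of any PEM implementation: a certificate-request reply signed with a compromised CA key passes a signature-only path check and fails only once the locally held revocation data is consulted. The toy RSA keys, the names PCA, CA-B, partner and intruder, and the revocation list modelled as a plain set of subject names (assumed to have been obtained and verified separately) are all constructed assumptions.

```python
import hashlib

def toy_key(a, b, e=65537):
    # Constructed toy RSA key built from two Mersenne primes; not secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    body = "|".join([cert["subject"], cert["issuer"], str(cert["n"]), str(cert["e"])])
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def issue(subject, subject_key, issuer, issuer_key):
    # The issuer signs the subject's name and public key with its secret exponent.
    cert = {"subject": subject, "issuer": issuer, "n": subject_key["n"], "e": subject_key["e"]}
    cert["sig"] = pow(digest(cert, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return cert

def verify_path(path, trusted_root, revoked=None):
    """path runs from the end user's certificate up to the one signed by the root.
    Returns (ok, reason). With revoked=None only names and signatures are checked,
    which is the behaviour the reply objects to."""
    for cert, issuer in zip(path, path[1:] + [trusted_root]):
        if cert["issuer"] != issuer["subject"]:
            return False, "broken path at " + cert["subject"]
        if pow(cert["sig"], issuer["e"], issuer["n"]) != digest(cert, issuer["n"]):
            return False, "bad signature on " + cert["subject"]
        if revoked is not None and cert["subject"] in revoked:
            return False, "revoked: " + cert["subject"]
    return True, "ok"

# Constructed hierarchy: IPRA (locally stored root) -> PCA -> CA-B -> partner.
K = {"IPRA": toy_key(61, 89), "PCA": toy_key(107, 127),
     "CA-B": toy_key(61, 127), "intruder": toy_key(89, 107)}
ROOT = issue("IPRA", K["IPRA"], "IPRA", K["IPRA"])
PCA = issue("PCA", K["PCA"], "IPRA", K["IPRA"])
CA_B = issue("CA-B", K["CA-B"], "PCA", K["PCA"])
# CA-B's secret key is compromised: the holder certifies its own key as "partner".
FORGED = issue("partner", K["intruder"], "CA-B", K["CA-B"])
REPLY = [FORGED, CA_B, PCA]  # contents of the certificate-request reply

if __name__ == "__main__":
    print("signature-only check:", verify_path(REPLY, ROOT))
    print("with revocation data:", verify_path(REPLY, ROOT, revoked={"CA-B"}))
```
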