Steve,
You said:
RFC 1422 establishes not only the requirements for an Internet
certification infrastructure in support of PEM, but also establishes
the requirements for how a compliant PEM implementation validates
certificates. In this latter context, the RFC specifies the complete
set of rules for certificate validation, not a subset. If the
specification were interpreted as being only a subset of the rules a
PEM UA could implement, then an implementation could apply other rules
that might conflcit with the rules in the RFC and the user would have
to be informed under what other rules (defined in what RFC?) the
certificate was validated. If you agree that a user can be easily
overloaded by a complex set of validation rules and by presentation of
lots of validation data, then this interpretation of 1422, as
specifying only a subset of validation rules, certianly has its
drawbacks.
The additional rules for validation that we have implemented have been
driven by experience. At present, the modifications we've made to the
validation rules are pretty simple and don't pose much of a threat to
the user's ability to understand the situation. In my view, the rules
set forth by 1422 contain an important distinction between the role of
the IPRA and the roles of all of the other nodes in the hierarchy, but
the distinction is not adequately highlighted. I believe the role of
the IPRA is better understood as different, rather than similar, to
the other nodes. The IPRA serves as a kind of trusted publisher of
certificates of PCAs. Hence, the model set forth in 1422 can be
viewed as a set of (almost) independent hierarchies. (The "almost" is
because the PCAs under the IPRA have agreed to coordinate on the
assignment of names.) Rather than having each PCA sign each other
PCA's certificate, each user is required to learn about and evaluate
each of the other hierachies. The IPRA is offering a service to
facilitate this process by (a) signing certificates for PCAs and (b)
requiring each PCA to provide a policy statement.
The above model generalizes easily to permit other entities to act as
publishers. Our implementation currently implements a partial
approximation of this idea in that each user or site is allowed to
specify the set of "roots" that it trusts. This permits the user to
interact with sites which are not part of the official Internet
hierarchy. However desirable it may be for everyone to fit under the
unfified Internet hierarchy, it seems clear that many groups will
choose not to register with the IPRA and will establish their own
"independent" hierarchy. And then, of course, having set up an
independent hierarchy, they'll want to interact with everyone else on
the network...
Steve