pem-dev

Re: Policies for identity-based authentication

1993-08-03 09:19:00
Steve,

I don't think your characterization of what I said is correct.  You said:

> I argue against Steve Crocker's "semantic cross-certification" because
> the underlying mechanism available in TISPEM has nothing to do with
> PCAs certifying one another in any fashion.  The mechanism allows a
> user to acquire a set of PCA public keys, e.g., by some out of band
> means, which means that none of the PCAs is involved in certifying any
> other PCA at all.  This has nothing to do with cross-certification of
> any sort, and thus using the term "cross-certification," even with some
> sort of qualifier, is misleading.
Yes, that's right!

The mechanism I described pertains to trusting, not obtaining,
various PCA keys.

If I'm in one hierarchy, and the user I want to communicate with is in
a different hierarchy, how do we establish appropriate levels of trust
and set up automatic processing of messages in each direction?  One
might wish the problem away, but I suspect it won't disappear.
Therefore, we need some solution.

The solution I proposed is that each side permit more than one "top"
in its certificate validation rules.  In addition, each side has to
have some rule for adding (and deleting) "tops" from its set.  One way
to do this is manually.  Another way is to designate one or more
entities as trusted "speakers."  If I'm in hierarchy A with a
top of PCA-A, my processing rules allow me to validate certificates that
lead back to PCA-A or to any other certificate in my set of trusted
tops.  How does the certificate for PCA-B get into my list of trusted
tops?  Well, there's room for various mechanisms, but one that makes
the most sense to me is to designate one or more trusted speakers.
Two trusted speakers that come to mind are PCA-A and IPRA, but there
could be others.

To characterize the notion of trusted speakers as "out of band"
implicitly suggests it has no stature now and can never have stature.
I think this is wrong.

Steve


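The validation rules described in the message above (a set of trusted "tops", plus designated "speakers" whose endorsement may add a top to that set), as an added example that is not part of the original post and not TISPEM or PEM code. The names PCA-A, PCA-B, IPRA, CA-B and bob are taken from or modelled on the message; the keys are constructed at run time, and the HMAC-based "signature" is a toy stand-in for real public-key signatures so the example runs with the standard library alone.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _sign(key: bytes, msg: bytes) -> bytes:
    # Toy stand-in for a digital signature: keys here are shared secrets, so
    # "verify with the issuer's public key" becomes "recompute the MAC".
    return hmac.new(key, msg, hashlib.sha256).digest()


def _verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(_sign(key, msg), sig)


@dataclass(frozen=True)
class Cert:
    """Issuer's signed statement 'subject holds subject_key'.  A speaker's
    endorsement of a new top uses the same structure (issuer = speaker)."""
    subject: str
    subject_key: bytes
    issuer: str
    sig: bytes

    @property
    def payload(self) -> bytes:
        return b"|".join([self.subject.encode(), self.subject_key, self.issuer.encode()])

    @classmethod
    def issue(cls, subject, subject_key, issuer, issuer_key):
        unsigned = cls(subject, subject_key, issuer, b"")
        return cls(subject, subject_key, issuer, _sign(issuer_key, unsigned.payload))

    def check(self, issuer_key: bytes) -> bool:
        return _verify(issuer_key, self.payload, self.sig)


class Validator:
    """One user's validation rules: the trusted tops (name -> key) and the
    trusted speakers (name -> key) whose say-so may add a top to that set."""

    def __init__(self, tops, speakers):
        self.tops = dict(tops)
        self.speakers = dict(speakers)

    def validate(self, chain) -> bool:
        """True iff the chain (leaf first) leads back to a trusted top.
        The top's key always comes from the local set, never from the chain."""
        by_subject = {c.subject: c for c in chain}
        cert, seen = chain[0], set()
        while cert.subject not in seen:
            seen.add(cert.subject)
            if cert.issuer in self.tops:                  # reached a trusted top
                return cert.check(self.tops[cert.issuer])
            issuer = by_subject.get(cert.issuer)
            if issuer is None or not cert.check(issuer.subject_key):
                return False                              # chain broken or bad sig
            cert = issuer
        return False                                      # loop in the chain

    def add_top(self, endorsement: Cert) -> bool:
        """Accept a new top only on the word of a designated trusted speaker."""
        speaker_key = self.speakers.get(endorsement.issuer)
        if speaker_key is None or not endorsement.check(speaker_key):
            return False
        self.tops[endorsement.subject] = endorsement.subject_key
        return True

    def remove_top(self, name: str) -> bool:
        return self.tops.pop(name, None) is not None


def demo():
    """Constructed scenario: a user under PCA-A validating a user under PCA-B."""
    k = {n: os.urandom(32) for n in ("PCA-A", "IPRA", "PCA-B", "CA-B", "bob")}
    bob_chain = [
        Cert.issue("bob", k["bob"], "CA-B", k["CA-B"]),
        Cert.issue("CA-B", k["CA-B"], "PCA-B", k["PCA-B"]),
    ]
    me = Validator(tops={"PCA-A": k["PCA-A"]},
                   speakers={"PCA-A": k["PCA-A"], "IPRA": k["IPRA"]})
    r = {}
    r["before"] = me.validate(bob_chain)          # PCA-B is not yet a top
    # CA-B is no trusted speaker, so its endorsement of PCA-B is refused
    r["nonspeaker"] = me.add_top(Cert.issue("PCA-B", k["PCA-B"], "CA-B", k["CA-B"]))
    # An endorsement in IPRA's name but under the wrong key is refused too
    r["forged"] = me.add_top(Cert.issue("PCA-B", k["PCA-B"], "IPRA", os.urandom(32)))
    r["after_bad"] = me.validate(bob_chain)
    # PCA-A is a designated speaker: its endorsement adds PCA-B to my tops
    r["speaker"] = me.add_top(Cert.issue("PCA-B", k["PCA-B"], "PCA-A", k["PCA-A"]))
    r["after"] = me.validate(bob_chain)
    me.remove_top("PCA-B")                        # the deletion rule
    r["removed"] = me.validate(bob_chain)
    return r


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step:>10}: {ok}")
```

The example keeps the two rule sets apart on purpose: a speaker is not automatically a top (IPRA here is a speaker only), and a top is not automatically a speaker, which is what lets a user choose PCA-A, IPRA, or something else as the authority that introduces new tops.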