Steve,

I may be having trouble distinguishing between what you mean
and what TISPEM does. I also may have problems understanding what you
mean when you provide a variety of partial characterizations of how it
might be effected, without accompanying analysis of the semantic
implications of each possible approach.

One way in which we clearly do not agree is the sense of the
extent to which I am affiliated with a given PCA. I understand what a
PCA does for me in the context of the currently defined PEM
certification system, and in terms of each PCA's policy statement.
The term PCA has no standing outside of this context; it is not part
of X.509, for example.

Under the current scheme, a PCA generally would not certify
another, in part because that would imply that the second PCA had the
same policy as the first, and because of the ambiguity the
certification would introduce into the system (since we do not have a
way to syntactically distinguish between PCA and CA certificates, for
example). One can imagine a user acquiring the public key for PCAs by
any of a variety of means, of which 1422 defines one, i.e., via
certification by the IPRA. If one acquired PCA keys via some out of
band means, e.g., in a system with no IPRA and there was a way to
denote PCA keys vs. CA keys, and the PCAs collaborated to provide
global CRL access, etc., then the resulting system would have most if
not all of the security features of the 1422 system, but might just
make it harder for users to acquire PCA keys.

Entities ("speakers"?) could facilitate this service by
emailing other PCA public keys to their CAs and users, accompanied by
the PCA policy statements, etc. That assumes that the other PCAs
submit such statements, agree to abide by some level of common policy,
and do the other things PCAs do in the 1422 system. However, there
may be an asymmetry here. If I am a subscriber to a high assurance
PCA, I may be comfortable having that PCA introduce me to lower
assurance PCAs, but maybe not vice versa. If I am a persona PCA
subscriber, do I trust that PCA to introduce me to any PCA with a
purportedly higher assurance policy? Does the resulting system
provide trust semantics comparable to the 1422 system, is it as easily
scaled to accommodate large numbers of CAs, users, and, maybe, PCAs?
Without lots more detail than I have seen in a few messages and a
couple of slides, I don't think these questions can be answered.

My suggestion, Steve, is that you prepare a written
description of an alternative certification system, at least as
thorough as the description provided in 1422, and preferably compare
and contrast it with the 1422 system. Then we can have discussions in
which we understand the pros and cons of alternative proposals, in a
context at least as comprehensive as that of 1422.

Steve