Vint,
There is a very interesting follow-up to your view of PCAs. If the
signature of a certificate by a PCA merely is the assertion "Me, PCA named so
and so, hereby testify that the entity named this and that is in possession of
the RSA key number N", then, we have to change a couple of details:
1) We should consider the certificates as mere "snapshots" of the key
bindings, and stop believing they are related to any form of policy.
After all, this would be consistent with the current practice of
only asserting "weak" policies.
2) We should only have a date of issuing, and not a date of validity. Who
are you to say that this entity will have retained its key next year? Just
because a person wears long hair on a snapshot does not mean he will
not get shaved the next day.
3) We should display the date of issuing of the certificates used in the
certification path, as old certificates are much more likely to be stale.
Maybe we could use the date in some form of "path metric".
Which indeed does not relieve the necessity to somehow propagate lists of
stolen keys. But we all know that the CRL approach is very weak -- there is no
way to be sure one has got the last, up to date, CRL...
Christian Huitema
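
Added example, not part of the original message: one possible reading of the "path metric" in point 3, where certificates carry only an issuing date and a path is scored by the age of its oldest link. The metric definition, the Cert record and all names and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Cert:
    issuer: str
    subject: str
    issued: date  # point 2: an issuing date only, no validity period

def is_chained(path):
    """Each certificate's subject must be the issuer of the next one."""
    return all(a.subject == b.issuer for a, b in zip(path, path[1:]))

def path_metric(path, today):
    """Assumed metric: age in days of the oldest certificate in the path.
    A path is treated as being as stale as its stalest link; lower is better."""
    if not path or not is_chained(path):
        raise ValueError("not a certification path")
    ages = [(today - c.issued).days for c in path]
    if min(ages) < 0:
        raise ValueError("certificate dated in the future")
    return max(ages)

def describe(path, today):
    """Point 3: one display line per link, showing its issuing date and age."""
    return [f"{c.issued.isoformat()}  {c.issuer} -> {c.subject}  "
            f"({(today - c.issued).days} days old)" for c in path]

def freshest(paths, today):
    """Pick the candidate path with the lowest metric."""
    return min(paths, key=lambda p: path_metric(p, today))

# Constructed sample data: two paths to the same entity.
TODAY = date(2000, 1, 1)
PATH_A = [Cert("Root", "PCA-A", date(1999, 1, 1)),
          Cert("PCA-A", "alice", date(1999, 12, 1))]
PATH_B = [Cert("Root", "PCA-B", date(1999, 10, 1)),
          Cert("PCA-B", "alice", date(1999, 11, 1))]

if __name__ == "__main__":
    for name, path in (("A", PATH_A), ("B", PATH_B)):
        print(f"path {name}: metric {path_metric(path, TODAY)}")
        print("\n".join("  " + line for line in describe(path, TODAY)))
    print("freshest:", "B" if freshest([PATH_A, PATH_B], TODAY) is PATH_B else "A")
```

Path A has the more recent end-entity certificate but loses to path B because its PCA certificate is a year old, which is the case where showing only the last link's date would mislead.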