Bob Jueneman writes:
In the fully developed PEM model, the IPRA will post and sign a
certificate for each PCA. This signature will attest to the fact
that the PCA exists, and that it has published a policy statement,
and that the public key for that PCA is as contained in a
certificate signed by the IPRA. But the IPRA does _not_ specify or
enforce any particular level of trust that should be associated with
that PCA. PCAs may be established that are specifically intended
_not_ to connote any trust at all with respect to a particular user,
whose name may be fictitious.
While it is true that the PEM model posits a collection of PCA's which
each may be a locus of trusted relationships, and that these
individual PCAs may or may not be treated by a suitably skeptical user
as being really trustable, there is still a key part of the
infrastructure development that is flawed with respect to a PGP based
cooperative scheme. That is to say that there is *one* IPRA, *one*
center of the universe (even if it's just an administrative center),
and that working within that system implies a level of cooperation
with those authorities that may not be suitable.
CREEP, the CIA, the Mafia, the Students for a Democratic Society (to
take a local example) would have been able to create a PCA and
register them with the IPRA, but recall of course that registration is
one that might not be in your best interest if you are someone who is
sensitive to traffic analysis. PGP admits the notion of keeping
autonomous cells which may be totally unknown by central authorities.
This may be for commercial competetiveness reasons (to hide a joint
venture from competitors), privacy reasons, or other political or
social motivations.
Edward Vielmetti, vice president for research, Msen Inc.
emv(_at_)Msen(_dot_)com
Msen Inc., 320 Miller, Ann Arbor MI 48103 +1 313 998 4562 (fax: 998 4563)