pem-dev

Re: PEM UA's and DN subordination

1993-12-03 13:47:00
Peter,

        PEM specifies that display of the PCA's name and the user's
name will suffice to completely identify any of the CA's along the
path between the PCA and the user.  The insertion of a (residential)
CA with a name not superior to the user's name violates this
principle.  If the certification path is short, as in your example, it
might not be a problem to display the full path for the user, but when
do we draw the line and decide that the path is too long?  RFC 1422
establishes the name subordination requirement to address a number of
concerns, including this one over how long a path should a user be
required to carefully examine, to avoid being spoofed.  The example 
you provided, because of the name of the residential CA, violates the
rule that permits the minimum display noted above.

Steve
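
The subordination check argued for in this message, as an added example that is not part of the original post or of RFC 1422: it reports any CA between the PCA and the user whose name is not superior to the user's name. The function names, the root-first comma-separated DN syntax, and every DN shown are assumptions constructed for illustration.

```python
# Added illustration: function names and every DN below are constructed.
# DN strings are assumed to be written root-first, e.g. "C=US, O=Example".

def parse_dn(text):
    """Parse a DN string into a tuple of (type, value) RDNs.
    A backslash escapes the next character, so '\\,' is a literal comma."""
    parts, cur, i = [], "", 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur += text[i + 1]
            i += 2
            continue
        if ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        # Simplification: compare case-insensitively, collapsing whitespace.
        rdns.append((attr.strip().upper(), " ".join(value.split()).upper()))
    return tuple(rdns)

def is_superior(ca_dn, subject_dn):
    """True if ca_dn is a proper prefix of subject_dn in the naming tree."""
    ca, subject = parse_dn(ca_dn), parse_dn(subject_dn)
    return len(ca) < len(subject) and subject[:len(ca)] == ca

def check_path(path):
    """path lists DN strings from the PCA (first) to the user (last).
    Returns the CAs between them whose names are not superior to the
    user's name, so showing only the PCA and user names would hide them."""
    if len(path) < 2:
        raise ValueError("path needs at least a PCA and a user")
    return [ca for ca in path[1:-1] if not is_superior(ca, path[-1])]

# Constructed sample paths (PCA first, user last).
GOOD = ["C=US, O=Example PCA", "C=US, O=Example Corp",
        "C=US, O=Example Corp, OU=Engineering",
        "C=US, O=Example Corp, OU=Engineering, CN=Alice Example"]
BAD = ["C=US, O=Example PCA", "C=US, O=Example Residential CA",
       "C=US, ST=Massachusetts, L=Boston, CN=Pat Example"]
```

An empty result from `check_path` means every intermediate CA name can be read off the user's name; a non-empty result lists the names a reader would have to inspect separately.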
