Rhys,
I agree with many of your points, but feel that you go a little too far
when you start proposing extensive use of self-signed certificates.
I would suggest that you talk to George Parsons at RSA
(george(_at_)rsa(_dot_)com), Steve Crocker at TIS (crocker(_at_)tis(_dot_)com),
Jeff Schiller
at MIT (jis(_at_)mit(_dot_)edu), and Sead Muftic at COST in Sweden
(sead(_at_)dsv(_dot_)su(_dot_)se). They are the people that are currently
running PCAs,
to the best of my knowledge, and they should be able to help you.
Your request to set up a low-assurance CA that would operate via
a more or less automatic responder doesn't seem unreasonable, so long as
everyone understands what the guidelines are. If necessary, I think
a new PCA could be established for e-mail DNs. Presumably, the
Policy statement would be something to the effect, "Send us a signed
request that includes your public key and e-mail name. We will
send the response back to the e-mail address included in the certificate.
If something goes awry in the process, tough luck."
I don't know what arrangements would be necessary for payment of
any fees for this service. Maybe, hint, hint, the more benevolent PCAs
would consider this part the cost of getting into the business and would
waive any fees for the first year. Presumably by the end of the year you
would be better established and ready to go through the process necessary
to have a higher level of assurance for your certificates, or at least be
willing to send them your check or credit card number.
One way to do this might be to request one of the existing PCAs to set up
a low assurance CA for just such purposes. Perhaps the CA's
name could be
C=US, S=CA, O="RSA Data Security, Inc."
OU="Caveat Emptor E-Mail CA"
and the user's distinguished name (in order to satisfy the name subordination
requirements) would be
C=US, S=CA, O="RSA Data Security, Inc.",
OU="Caveat Emptor E-Mail CA",
CN="Rhys Weatherley <rhys(_at_)fit(_dot_)qut(_dot_)edu(_dot_)au>"
Unfortunately, this might be construed as implying that you had a close
affiliation with RSA, and their lawyers might not be willing to set up
a CA with such a name. But try it -- what have you got to lose?
Your comment about not seeing why we need to _require_ CAs has been
made many times before, in particular by those who favor an extended
web of trust model similar to the PGP mechanism. Steve Kent and others
will give you cogent arguments about scalability, ability to handle CRLs,
etc., but if we can't get the system off the ground because of these problems
none of those issues will matter. It remains to be seen whether this is the
situation or not.
I do disagree about the difficulty of distributing CRLs prior to X.500 being
available. That is one of the functions that the PCAs are supoosed to
perform.
Bob