Frank,
Thanks for your reply. I couldn't completely follow the sequence you
laid out. If we want to pursue this, we should establish a precise
notation so we can see who's signing what. The issue I raised is what
happens if a rogue CA issues an address certificate unbeknownst to the
subject. I'm not sure whether the protocol you describe forecloses
that possibility. Even if it does, there are other aspects that need
to be examined.
All that aside, I agree with you that address certificates and the
like may well be important for some applications. At the moment,
however, I'm very concerned about the difficulty we're all having
getting PEM into service to provide simple protection of email. On
that account, I'm inclined to push for simplification of the
specifications and use. Building on the existing use of email
addresses seems to me to be the key right now. After PEM is in
widespread use, there may well be a need to build more elaborate
mechanisms and move on to more advanced applications.
Steve