pem-dev

Re: Key selectors

1995-01-05 19:49:00

Let me just add that I have always considered bootstrapping small
groups of users with self-signed certificates as a reasonable 
compromise between totally free-form certification, and strict
top down certification. 

This permits a reasonable path to the scalability of the top
down approach (when the infrastructure is established) from the
bootstrapping issues encountered by small groups of users
when the infrastructure is lacking.

I'm glad to hear it.  In case you didn't know, this is exactly the
approach taken by RIPEM 2.0 which we have now released.  We use the
syntax from RFC 1421 and modify only one thing by introducing
Recipient-Key-Asymmetric which indicates the recipient of an ENCRYPTED
message simply by the public key.  (RFC 1421 indicates the recipient
by the issuer, which doesn't work in a direct trust environment with
no issuers.  Besides, a recipient will always recognize and trust
their own public key without need of certification. This in fact works
fine with full-blown RFC 1422 hierarchies.)

- Jeff
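
The recipient lookup described in the message above, as an added example that is not part of the original post and is not RIPEM's own code: a reader of an ENCRYPTED header finds its Key-Info either by issuer and serial (RFC 1421) or by recognising its own public key. The value layout of Recipient-Key-Asymmetric (base64 of the public key), the function names and all sample values are assumptions.

```python
import base64

def b64(data):
    return base64.b64encode(data).decode()

# Constructed sample values (not real keys, names or wrapped DEKs).
ALICE_KEY = b"constructed public key bytes for alice"
BOB_ID = (b"constructed issuer name", "66")  # (issuer, serial) as in RFC 1421
SAMPLE_HEADER = "\n".join([
    "Proc-Type: 4,ENCRYPTED",
    "DEK-Info: DES-CBC,0123456789ABCDEF",
    "Recipient-ID-Asymmetric:",
    " " + b64(BOB_ID[0]) + ",",
    " " + BOB_ID[1],
    "Key-Info: RSA,",
    " " + b64(b"constructed wrapped DEK for bob"),
    "Recipient-Key-Asymmetric:",  # assumed layout: base64 of the public key
    " " + b64(ALICE_KEY),
    "Key-Info: RSA,",
    " " + b64(b"constructed wrapped DEK for alice"),
])

def parse_fields(header):
    """Split a header into [name, value] pairs, unfolding continuation lines."""
    fields = []
    for line in header.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += line.strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append([name.strip(), value.strip()])
    return fields

def find_key_info(header, my_public_key, my_issuer_serial=None):
    """Return the Key-Info value that follows the recipient field naming us."""
    mine = None  # None: no recipient field pending; otherwise True or False
    for name, value in parse_fields(header):
        if name == "Recipient-Key-Asymmetric":
            # Direct trust: we recognise our own key, no issuer is needed.
            mine = base64.b64decode(value) == my_public_key
        elif name == "Recipient-ID-Asymmetric":
            issuer, _, serial = value.rpartition(",")
            mine = (base64.b64decode(issuer), serial) == my_issuer_serial
        elif name == "Key-Info" and mine is not None:
            if mine:
                return value
            mine = None
    return None
```

A self-signed user passes only a public key and still finds the right Key-Info; a certified user can pass an (issuer, serial) pair as well.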
