The point is that there are other schemes for handling the certification
problem besides the certificate hierarchy and name subordination. They
have different tradeoffs, and different benefits. We should avoid
falling into the trap of thinking that there is only one Right Way to
accomplish a particular task.
thanks Ted. We seem to be in complete agreement on the underlying process of
design
and productization of technology. I agree that name subordination as
a countermeasure to CA masquerade is a 1422 v1-specific evil thing which will
hopefully soon go away as the infrastructure evolves away from overloading
security countermeasures on a naming system. Other techniques - including
v3 critical extensions - can indeed more appropriately protect against this
particular
threat when its relevant to a customers need.
What we all need to do now is begin to standardize on the countermeasures which
enforce TCB logical protection, including TCB physical and TCB self-checking
procedures. To address some of Bob's (many) points, there is also need
to standardize TCB start-up and recovery mechanisms.