Re: [IETF-PKIX] Definition of terms
Dave,
I think your comments bring some needed clarity to this discussion. But I
want to challenge an assumption in your first assertion and the second
assertion itself.
The assertion about who is a relying party appears to assume a reciprocal
relationship between the subject of a CA's certificate and reliance on
other certificates issued by that CA. In other words, you assume that
because a CA issues a certificate about or "to" me, I must trust it to
certify others. And, the only way I rely on certificates issued by a
different CA is if "my" CA cross-certifies the other CA. Clearly these are
false. Any CA can obtain a copy of a *public* key of mine (or even
generate one on its own initiative) and issue a certificate with me as
subject. That is insufficient reason for me to extend any trust as a
relying party to that CA. (In fact, if it did this without my consent or
cooperation, that may be reason to *NOT* trust it.) Conversely, I can
decide to grant my trust as a relying party to any CA that satisfies my
requirements (e.g., because its public key is widely
known/published/built-in to my software), even if it has not issued a
certificate to or about me. This is exactly what users of the current
generation of SSL-enabled browsers now do. These flawed reciprocal trust
assumptions seem to pervade a lot of PKI discussions. Are they stated
explicitly anywhere?
I think the assertion that cross certification should *NEVER* be transitive
is too strong. It is a matter of a particular chain of CAs' policies and
relying party policies. If a set of CAs have cross-certification policies
that consistently permit transitive trust (of more than one step), and a
relying party wants to rely on such chains of cross-certificates, I don't
see any reason for PKIX to prohibit it.
-Gene
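The two points above, as an added illustration that is not part of the thread: a toy Python model in which a relying party's trust anchors are independent of who has certified it, and transitive reliance through cross-certificates is bounded both by the CAs' path-length constraints and by the relying party's own depth limit. The CA names, the graph and the pathLen semantics are constructed for the example (modelled loosely on X.509 basicConstraints pathLenConstraint).

```python
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

# issuer CA -> list of (subject CA, pathLenConstraint) cross-certificates.
# The constraint (None = unconstrained) caps how many further CA certificates
# may follow the cross-certified CA, in the spirit of X.509 basicConstraints.
CrossCerts = Dict[str, List[Tuple[str, Optional[int]]]]


def find_path(anchors: Set[str], cross_certs: CrossCerts,
              issuer_ca: str, max_depth: int) -> Optional[List[str]]:
    """Return a CA chain from one of the relying party's trust anchors to
    issuer_ca that honours both the CAs' pathLen constraints and the relying
    party's own limit of max_depth cross-certificates; None if none exists."""
    if issuer_ca in anchors:
        return [issuer_ca]                      # directly trusted anchor
    queue = deque((a, max_depth, [a]) for a in sorted(anchors))
    seen = set()
    while queue:
        ca, remaining, path = queue.popleft()
        if remaining <= 0 or (ca, remaining) in seen:
            continue                            # budget exhausted or revisited
        seen.add((ca, remaining))
        for subject, path_len in cross_certs.get(ca, []):
            # Following a cross-certificate spends one step of the relying
            # party's budget; the issuing CA's constraint may tighten it more.
            budget = remaining - 1
            if path_len is not None:
                budget = min(budget, path_len)
            if subject == issuer_ca:
                return path + [subject]
            queue.append((subject, budget, path + [subject]))
    return None


# Constructed graph. CA-Rogue issued a certificate naming "me" as subject but
# is in nobody's anchor set, so it earns no reliance. Root-A cross-certifies
# CA-B with pathLen 1: trust flows one step past CA-B (to CA-C), not two (CA-D).
CROSS_CERTS: CrossCerts = {
    "Root-A": [("CA-B", 1)],
    "CA-B": [("CA-C", None)],
    "CA-C": [("CA-D", None)],
    "CA-Rogue": [("Root-A", None)],
}
ANCHORS = {"Root-A"}

if __name__ == "__main__":
    for ca in ("CA-B", "CA-C", "CA-D", "CA-Rogue"):
        print(ca, find_path(ANCHORS, CROSS_CERTS, ca, max_depth=3))
```

Lowering max_depth lets the relying party refuse multi-step chains the CAs would permit, while an unconstrained graph with a generous depth allows the transitive reliance the message argues PKIX need not prohibit.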