Motivations (Actual operational issues)
The Japanese GPKI is based on a Bridge CA architecture.
Various interoperability experiments were needed.
These raised not only technical issues but also many operational ones.
The Bridge CA MUST be neutral and strict.
It needs domain certification criteria.
It MUST refuse to connect with irregular trust models that do not interoperate.
Some confusing examples
CA-X cross-certifies CA-Y, a subordinate CA of another domain.
Does CA-X then not trust CA-Y's superior CA-Z, even though CA-Y's ARL is issued by CA-Z?
How does CA-X trust and verify an ARL issued by CA-Z?
CA-X and CA-Y cross-certify each other mutually.
When CA-X updates its cross-certificate, does CA-Y not have to re-generate the crossCertificatePair?
CA-X only populates its self-signed certificate internally, within its own domain.
From outside, CA-X looks like a subordinate CA.
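The first confusing example above can be made concrete with a small trust-path model. The code below is an added illustration, not GPKI's own software or any real PKI library; the CA names, certificates and the ARL contents are constructed for the example. It builds a path from a relying party's trust anchor along issuer-to-subject edges and applies the rule that an ARL may only be relied on when its issuer is itself reachable from that anchor. Cross-certifying the subordinate CA-Y directly leaves CA-Z's ARL unverifiable from CA-X, while cross-certifying the domain root CA-Z makes the same ARL usable.

```python
"""Added toy model of cross-certification and ARL trust (not GPKI's or any real
PKI library's code). All CA names, certificates and revocation entries below
are constructed for the example."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # signer; a self-signed certificate has issuer == subject
    cross: bool = False  # True when issued across a domain boundary


@dataclass(frozen=True)
class ARL:
    issuer: str          # CA that signed the authority revocation list
    revoked: frozenset   # subjects of the revoked CA certificates


def build_path(anchor, target, certs):
    """Breadth-first search from the trust anchor along issuer -> subject edges.
    Returns the list of CA names on the path, or None when target is unreachable."""
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for c in certs:
            if c.issuer == path[-1] and c.subject not in seen:
                seen.add(c.subject)
                queue.append(path + [c.subject])
    return None


def home_issuer(ca, certs):
    """The CA that certified `ca` inside its own domain (its non-cross, non-self
    certificate). That CA publishes the ARL that reports on `ca`'s status."""
    for c in certs:
        if c.subject == ca and not c.cross and c.issuer != ca:
            return c.issuer
    return ca  # a domain root reports on itself via its own ARL


def revocation_status(anchor, ca, certs, arls):
    """Status of `ca` as seen from `anchor`: 'unreachable' (no path at all),
    'undetermined' (the authoritative ARL issuer cannot be validated from the
    anchor), 'revoked', or 'good'."""
    if build_path(anchor, ca, certs) is None:
        return "unreachable"
    issuer = home_issuer(ca, certs)
    if build_path(anchor, issuer, certs) is None:
        return "undetermined"   # the slide's case: CA-X has no trust path to CA-Z's ARL
    for arl in arls:
        if arl.issuer == issuer:
            return "revoked" if ca in arl.revoked else "good"
    return "undetermined"       # the authoritative issuer published no ARL


# Constructed scenario 1: CA-X cross-certifies CA-Y, a subordinate of CA-Z, directly.
DIRECT_TO_SUBORDINATE = [
    Cert("CA-X", "CA-X"),
    Cert("CA-Y", "CA-X", cross=True),   # cross-certificate that bypasses CA-Z
    Cert("CA-Z", "CA-Z"),
    Cert("CA-Y", "CA-Z"),               # CA-Y's home-domain certificate
]

# Constructed scenario 2: CA-X cross-certifies the domain root CA-Z instead.
VIA_DOMAIN_ROOT = [
    Cert("CA-X", "CA-X"),
    Cert("CA-Z", "CA-X", cross=True),
    Cert("CA-Z", "CA-Z"),
    Cert("CA-Y", "CA-Z"),
]

ARLS = [ARL("CA-Z", frozenset({"CA-Y"}))]   # constructed: CA-Z has revoked CA-Y


if __name__ == "__main__":
    for name, certs in (("direct", DIRECT_TO_SUBORDINATE), ("via root", VIA_DOMAIN_ROOT)):
        print(name, build_path("CA-X", "CA-Y", certs),
              revocation_status("CA-X", "CA-Y", certs, ARLS))
```

In scenario 1 the path CA-X to CA-Y exists, yet CA-Y's revocation by CA-Z is invisible to CA-X, so the status is undetermined unless CA-X maintains its own ARL for the cross-certificate, which is the operational burden the slide points at. In scenario 2 the same ARL is validated through the path CA-X to CA-Z and the revocation is seen.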
