[rocqua]

For a long time, I've argued we need leaf certificates to be double signable. That way there can be two chains of trust for a website. Then dropping a CA doesn't matter much, since all serious parties should have multiply signed paths to various roots of trust. Hence we solve the problem of CAs becoming to big to fail.

The current way cross-signing works is almost an accident, and only works for intermediate certificates. Because the 'signing cert' is looked up by name. An intermediate cert can be published twice with the same name, same key, but different signatures and signing cert. Hence doing this for a leaf certificate would mean 'just get two certificates'.

[saurik]

I see what you meant--having two for redundancy--but I was much more excited by the idea of having two where both had to be valid, as getting two organizations to issue you a bogus certificate is going to be a hell of a lot harder than getting one (not impossible, but often an entirely different kind of attack). Maybe we require three and at least two have to be valid, providing the benefits of both angles? ;P

[rocqua]

Perhaps have this go together with an Extended Validation certificate?