I'd like to see a less centralized CA that's tied into the existing system of notaries. The idea is to make it necessary to spoof a notary in order to spoof the CA. That won't make spoofing the CA impossible (nothing will), but it will make spoofing the CA illegal.
You might wish to look at the Apple DigiSign design. RSA DSI ran a CA under contract as a notary enrollment system for 2 years. The people from RSA DSI, now at Verisign, have a certain amount of experience with this system. I dont understand how you intend to make CA spoofing illegal. Who who perform the enforcement? (By illegal, I assume you mean that there is a criminal offence involved, rather than a tort.)
A notary could apply to the CA for the right to work as an agent, for a nominal fee (<$100/year). Only notaries could be agents. If a person wants a certificate, they'd come in and present ID and a key to the notary/agent. The person would have to present a form document stating that he's requesting the cert. The notary would stamp the form and affix a signature to the key which would enable it to be processed automatically by the CA.
This has been tried, and many certificates issued under a variant of this scheme. it seems likely that only an ABA-certified notary would be reasonaby secure from professional liabilities. Good efforts have been made to qualify what the professional procedures would be.
Fees for the whole procedure ought to be less than $30. The CA ought to operate off of the fees from the agents as a non-profit organization, and the agents ought to keep the fees paid by the people requesting the certificates.
Notary fees might be best controlled by the notary, not the CA. Seems an unreasonable restriction of trade to price-fix, even at the low-end.
Would any of the lawyers on the list be willing to comment on whether or not it's possible or practical to tie a CA into the notary system? Does anyone have any thoughts as to how difficult/risky spoofing my CA is compared to spoofing Netscape or Verisign?
There is indeed a large body of legal ramifications in this area. The best way to learn about it is to become a CA and do it. Risk taking is part of being in the CA business, however you operate it, even for free.
I could put up a server and I think I know a laywer who would help me set up a non-profit organiation on a shoestring, but I don't want to do it if the plan is impractical.
Running as a not-for-profit may not prevent general liability. You can give the service away for free and will still be liable for the mis-representations you or your agents make. There are DARPA reports written about the issue (though these do not usually constitute advice.)
Morevover, although I don't think it's reasonable to expect Netscape to agree to include a non-existent CA in their browsers sight unseen, at the same time it doesn't seem smart to sink money into setting up the CA without some indication from Netscape that they're willing to give the idea good faith consideration.
Navigator betas seem to already facilitate users configuring their own trust points in a manner rather similar to adding a key to your personal PGP keyring. IBM browsers allow formal configuration of trust points. CAs as a business and economic growth area are just happening. We have two declared companies; Verisign and GTE. I personally expect another 10-20 to declare soon. The large (phone company) networks seem to be where the current action is, followed by the large accounting firms. As a small software company, I personally back the other similarly small software companies making and selling organizational CA systems to help people manage their own community of interest as they see fit.