If anyone still has the flyer from the Crypto '95 rump session, there was a guy there talking about ANSI standards, and one of the things he mentioned in his talk was work they were doing on "key attributes." I spoke with him afterwards, and we had a lively discussion about this matter; especially with regard to the relationship between key certification and key attributes. I argued that certification is just another kind of attribute, while he is fairly hung up on certificate hierarchies, etc. (Of course, robust and well-implemented attributes couild be used to implement a hierarchical certification structure if that's what was desired, but there seems to be a deep-seated feeling among crypto folks of a certain ilk that such structure needs to be hard-coded into things.) I'll be following up on this matter with him when I am reuinited with my notes, which made an unintended trip to SF, while I only went to Mountain View.
I could see such a system initially being piggybacked on PGP keys (the signatures would not be understandable by PGP though), although for Chaumian credential transfers the keys have to be specially structured and that would require a new approach.
Who would be willing and/or interested enough to use such a system if it existed?
Hal