I can't speak for RIPEM, but that's not accurate for PEM. You can have as long a chain of signatures as you want up to the certifying authority. That may not be as general as you'd like, but it's better than just a single authority.

I think we have a lack of communication here. What I said is completely true about PEM, as well as RIPEM. You cannot have more than one signature on your certificate. I did not mention signature chains in my message at all, only signatures. For example, in PEM, you have the root key sign some certificate, and that certificate signs another, and so on down the chain to a user certificate. However, in PEM I cannot sign your certificate! *THAT* is what I'm talking about. PEM certificates can have one, and *ONLY* one, signature on them. I'm not saying that I think the PEM CA model is bad -- there are good points to it. I just feel it is too restrictive. I like being able to have anyone sign anybody's key in PGP, and building certification in that manner. The fact that in PEM you have a lot of hoops to jump through in order to become a CA will, IMHO, be its downfall. Right now anyone can become a PGP Certification Authority. -derek