I agree. With my mortgage customers (MISMO.org related) I have argued that private certs signed by their business partner are better than a cert issued by a well known cert company. Anyone can buy a cert from the well known company.
As long as the cert company is a bank, you deposit money to the bank, the bank issues a cert for the amount of the money and your bank account is checked and reduced at the time the cert is used, there is no problem to use the bank as a well known cert company.
A problem is that there is no reason to use PK, then.
And if managed correctly they can add/delete employees and application certs real time.
As it is realtime, we don't need complex features of PKI. We, for example, don't need timestamps in certs nor CRLs.
A cert signed by your business partner cannot be bought from any vendor.
Still, with established interbank trust relationships, you and your business partner can send and receive money through your and partner's banks.
Except that you can use cryptographic security (most likely shared secret ones), it is no different from the current business style to use banks to send and receive money.
Masataka Ohta