[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Types of object for trust anchors
Greetings again. One thing that I didn't see in section 3 of
draft-wallace-ta-mgmt-problem-statement-00 was something
acknowledging that trust anchors might come in multiple formats. At a
minimum, some systems want them as bare public keys and others want
them as certificates. In the latter category, some systems would want
them as PKIX certificates and some would want them as PGP
certificates. It makes sense to allow one set of trust anchors being
delivered to contain multiple types and let the receiver sort out
which types it can use.
So, an additional requirement might be that the trust anchor protocol
be able to deliver different types of trust anchors, and that each
anchor is appropriately marked (probably by an OID).
--Paul Hoffman, Director