[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Types of object for trust anchors

To: ietf-trust-anchor@xxxxxxxx
Subject: Types of object for trust anchors
From: Paul Hoffman <paul.hoffman@xxxxxxxx>
Date: Mon, 11 Jun 2007 16:55:46 -0700
In-reply-to: <886F5D4C78AFB14D87261206BFB9612E1D1D0952@xxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.vpnc.org/ietf-trust-anchor/mail-archive/>
List-id: <ietf-trust-anchor.vpnc.org>
List-unsubscribe: <mailto:ietf-trust-anchor-request@vpnc.org?body=unsubscribe>
References: <886F5D4C78AFB14D87261206BFB9612E1D1D0952@xxxxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-trust-anchor@xxxxxxxxxxxxx

Greetings again. One thing that I didn't see in section 3 ofdraft-wallace-ta-mgmt-problem-statement-00 was somethingacknowledging that trust anchors might come in multiple formats. At aminimum, some systems want them as bare public keys and others wantthem as certificates. In the latter category, some systems would wantthem as PKIX certificates and some would want them as PGPcertificates. It makes sense to allow one set of trust anchors beingdelivered to contain multiple types and let the receiver sort outwhich types it can use.

So, an additional requirement might be that the trust anchor protocolbe able to deliver different types of trust anchors, and that eachanchor is appropriately marked (probably by an OID).


--Paul Hoffman, Director
--VPN Consortium

Follow-Ups:
- Requirements for the container
  - From: Paul Hoffman
- Re: Types of object for trust anchors
  - From: Jon Callas
- Re: Types of object for trust anchors
  - From: Michael Richardson

References:
- trust anchor management problem statement
  - From: Carl Wallace

Prev by Date: trust anchor management problem statement
Next by Date: Re: Types of object for trust anchors
Previous by thread: trust anchor management problem statement
Next by thread: Re: Types of object for trust anchors
Index(es):
- Date
- Thread