Types of object for trust anchors




Greetings again. One thing that I didn't see in section 3 of draft-wallace-ta-mgmt-problem-statement-00 was something acknowledging that trust anchors might come in multiple formats. At a minimum, some systems want them as bare public keys and others want them as certificates. In the latter category, some systems would want them as PKIX certificates and some would want them as PGP certificates. It makes sense to allow one set of trust anchors being delivered to contain multiple types and let the receiver sort out which types it can use.

So, an additional requirement might be that the trust anchor protocol be able to deliver different types of trust anchors, and that each anchor is appropriately marked (probably by an OID).

--Paul Hoffman, Director
--VPN Consortium