[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Definition of "trust anchor"

At 6:22 PM -0400 7/2/07, Stephen Kent wrote:
Erps, yes. The chain should have been TAa <- CAb <- EE. CAb is "trusted", but it is not an anchor.

Thanks for the nomenclature clarification.

Still, the arrows seem to go "up" and path validation (vs. discovery) goes "down." Why did you choose to use up vs. down arrows in the example.

I think in terms of the relying party trying to validate a signature. You might think in terms of a CA/TA trying to help the relying party.

--Paul Hoffman, Director
--VPN Consortium