RE: Nailing down the definition of "trust anchor"
Paul,
Looks good. Perhaps if the words "associated data" remain too
broad/vague, we could add a further distinction regarding "data":
- TA description data: information about the type of key,
key length, algorithm etc. (i.e. the usual profile related
info) of the TA public key.
- TA usage data: namely the scope of the use of the trust anchor.
/thomas/
> -----Original Message-----
> From: owner-ietf-trust-anchor@xxxxxxxxxxxxx
> [mailto:owner-ietf-trust-anchor@xxxxxxxxxxxxx] On Behalf Of
> Paul Hoffman
> Sent: Thursday, August 09, 2007 3:20 PM
> To: ietf-trust-anchor@xxxxxxxx
> Subject: Nailing down the definition of "trust anchor"
>
>
> Greetings again. One of the topics earlier on the mailing
> list was defining what a "trust anchor" is. A few of us
> hammered out the following words. If folks like them, great,
> we can move on to harder topics. If not, let's see if we can
> coalesce on words that work.
>
> -----
> A trust anchor is a public key and associated data used by a
> relying party to begin the process of validating a signature
> on a signed object. Associated data is used to define the
> scope of the use of the trust anchor for validating
> signatures. For example, associated data might limit the
> types of identifiers in certificates that a trust anchor is
> allowed to validate.
> -----
>
> Given the number of people at the TAM BoF who were confused
> about what "associated data" might be, I think it is
> important for us to call it out and to give a fairly easy
> example. Thus, the third sentence is not technically part of
> the definition, but it is fairly important to helping the
> reader understand what we are talking about.
>
> --Paul Hoffman, Director
> --VPN Consortium
>
>
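The definition quoted above, as an added example that is not part of this thread or of any IETF draft: a constructed Python model of a trust anchor as a public key plus associated data, with the associated data split into description data and usage data as Thomas proposes, and the scope check a relying party would run before it begins signature validation. The class and function names, the algorithm strings, the dNSName suffix rule and the placeholder key bytes are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed model: the "associated data" of a trust anchor, split into
# description data (about the key itself) and usage data (scope of use).

@dataclass(frozen=True)
class TADescription:
    key_type: str      # e.g. "RSA" (assumed label, not a registry value)
    key_length: int    # key size in bits
    algorithm: str     # signature algorithm this key is used with

@dataclass
class TAUsage:
    # Identifier types this anchor may validate, e.g. {"dNSName"}; None = any type.
    permitted_id_types: Optional[FrozenSet[str]] = None
    # Per-type suffix constraints, e.g. {"dNSName": ("example.com",)}.
    permitted_suffixes: Dict[str, Tuple[str, ...]] = field(default_factory=dict)

@dataclass
class TrustAnchor:
    name: str
    public_key: bytes          # placeholder bytes in this example, not a real key
    description: TADescription
    usage: TAUsage

def identifier_in_scope(ta: TrustAnchor, id_type: str, value: str) -> bool:
    """Apply the usage data: is this identifier one the anchor may validate?"""
    u = ta.usage
    if u.permitted_id_types is not None and id_type not in u.permitted_id_types:
        return False
    suffixes = u.permitted_suffixes.get(id_type)
    if suffixes is None:
        return True
    # Exact match or a label-boundary suffix match, so "evil-example.com" is rejected.
    return any(value == s or value.endswith("." + s) for s in suffixes)

def anchor_usable(ta: TrustAnchor, sig_algorithm: str,
                  identifiers: List[Tuple[str, str]]) -> Tuple[bool, str]:
    """Decide whether `ta` may begin validating a signed object that carries
    the given identifiers [(type, value), ...]. Returns (ok, reason).
    Signature verification itself happens only after this returns True."""
    if sig_algorithm != ta.description.algorithm:
        return False, f"algorithm mismatch: {sig_algorithm} != {ta.description.algorithm}"
    for id_type, value in identifiers:
        if not identifier_in_scope(ta, id_type, value):
            return False, f"{id_type}={value} is outside the scope of {ta.name}"
    return True, "in scope; proceed to signature verification"

# Constructed sample anchor: may only validate dNSName identifiers under example.com.
EXAMPLE_TA = TrustAnchor(
    name="example-ta", public_key=b"<constructed placeholder key bytes>",
    description=TADescription("RSA", 2048, "RSA-PSS-SHA256"),
    usage=TAUsage(frozenset({"dNSName"}), {"dNSName": ("example.com",)}))
```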