[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nailing down the definition of "trust anchor"




At 5:04 PM +0200 8/10/07, Leif Johansson wrote:
Paul Hoffman wrote:

 At 3:30 PM -0700 8/9/07, Lucy Lynch wrote:
 Really nit-picky question:

 Really nit-picky is quite appropriate at this juncture!

 do you really mean "to begin" or would "in" work... as in:

 "A trust anchor is a public key and associated data used by a relying
 party in the process of validating a signature on a signed object."

 I really meant "to begin" because these are trust anchors, not keys
 that might appear in the middle of a validation chain. For example,
 assume you are trying to validate key A, which chains to key B, which
 chains to key C, which chains to key D which you trust inherently.
 Only key D is a trust anchor. Key B and key C are used "in the process
 of validating".

How about "to complete" ?

"To complete" could also mean a middle key. Assume the same example above. If I have key A as a trust anchor, key B and key C are still used "to complete" the validation process. I don't think we want TAM to be distributing "middle" keys (but others might disagree).

--Paul Hoffman, Director
--VPN Consortium