Re: Nailing down the definition of "trust anchor"

[Paul Hoffman <paul.hoffman@xxxxxxxx>]

At 5:04 PM +0200 8/10/07, Leif Johansson wrote:
> Paul Hoffman wrote:
> >  At 3:30 PM -0700 8/9/07, Lucy Lynch wrote:
> > >  Really nit-picky question:
> >
> >  Really nit-picky is quite appropriate at this juncture!
> >
> > >  do you really mean "to begin" or would "in" work... as in:
> > >
> > >  "A trust anchor is a public key and associated data used by a relying
> > >  party in the process of validating a signature on a signed object."
> >
> >  I really meant "to begin" because these are trust anchors, not keys
> >  that might appear in the middle of a validation chain. For example,
> >  assume you are trying to validate key A, which chains to key B, which
> >  chains to key C, which chains to key D which you trust inherently.
> >  Only key D is a trust anchor. Key B and key C are used "in the process
> >  of validating".
> How about "to complete" ?

"To complete" could also mean a middle key. Assume the same example 
above. If I have key A as a trust anchor, key B and key C are still 
used "to complete" the validation process. I don't think we want TAM 
to be distributing "middle" keys (but others might disagree).

--Paul Hoffman, Director
--VPN Consortium