Re: Nailing down the definition of "trust anchor"
At 5:04 PM +0200 8/10/07, Leif Johansson wrote:
> Paul Hoffman wrote:
>> At 3:30 PM -0700 8/9/07, Lucy Lynch wrote:
>>> Really nit-picky question:
>>
>> Really nit-picky is quite appropriate at this juncture!
>>
>>> do you really mean "to begin" or would "in" work... as in:
>>> "A trust anchor is a public key and associated data used by a relying
>>> party in the process of validating a signature on a signed object."
>>
>> I really meant "to begin" because these are trust anchors, not keys
>> that might appear in the middle of a validation chain. For example,
>> assume you are trying to validate key A, which chains to key B, which
>> chains to key C, which chains to key D which you trust inherently.
>> Only key D is a trust anchor. Key B and key C are used "in the process
>
> How about "to complete" ?

"To complete" could also mean a middle key. Assume the same example
above. If I have key A as a trust anchor, key B and key C are still
used "to complete" the validation process. I don't think we want TAM
to be distributing "middle" keys (but others might disagree).
--Paul Hoffman, Director