
RE: Draft Charter



(sorry I'm jumping back to this)

I think we should add the following as the first sentence:  "A trust anchor
is an established point of trust, which is usually based on the authority of
some person, office or organization." [Shirey] I think we should do this
because we jumped right into how it's used, not what it is. I used Rob's
definition because I think it hit the mark.

(I think) The rest of the argument about the TA definition is then based on
the context in which you want to use the TA.  As the basis of trust for a
PKI, the Relying Party (RP) uses the TA to verify signatures on public key
certificates.  As the basis of trust for object X (which happens to be
directly signed by a TA), the RP uses the TA to verify the signatures on
object X.

If we added the first sentence and modified what was below to: "In a PKI
context, a relying party uses a trust anchor to verify the signature on the
first certificate in a certification path or a CRL signed directly by the
TA.  In other contexts, a relying party uses a trust anchor directly to
verify the signature on a signed object when no certification path is
involved."

?

spt 

[Shirey] Shirey, R., "Internet Security Glossary, Version 2",
work-in-progress, November 2006.
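Added illustration of the two contexts the message above distinguishes (this code is not part of the thread and not anyone's proposed charter text). It is a Go program using only the standard library, with a self-signed ECDSA certificate standing in for the TA (public key plus associated information). A relying party first uses the TA to check the signature on the first certificate in a certification path, then uses the same TA to verify a directly signed object with no path involved; an unrelated TA is shown accepting neither. The helper names (newCert, runDemo, etc.), the subject names and the sample object are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert returns a certificate for a fresh key. With parent == nil it builds a
// self-signed CA certificate, i.e. the TA; otherwise the parent's key signs it.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed: the TA signs itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// PKI context: the relying party checks that the TA's key signed the first
// certificate in the path. Full path validation (validity, names, revocation) follows.
func verifyFirstCertInPath(ta, cert *x509.Certificate) bool {
	return cert.CheckSignatureFrom(ta) == nil
}

// signObject: the TA's key directly signs an arbitrary object (no certificate involved).
func signObject(taKey *ecdsa.PrivateKey, obj []byte) ([]byte, error) {
	h := sha256.Sum256(obj)
	return ecdsa.SignASN1(rand.Reader, taKey, h[:])
}

// Non-PKI context: the relying party verifies the object with the TA's public key alone.
func verifyObjectDirectly(ta *x509.Certificate, obj, sig []byte) bool {
	pub, ok := ta.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	h := sha256.Sum256(obj)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// runDemo exercises both contexts with one TA and confirms that an unrelated
// TA accepts neither the certificate nor the object.
func runDemo() (pathOK, objOK, foreignOK bool) {
	ta, taKey, err := newCert("Example Root TA", true, nil, nil)
	check(err)
	ee, _, err := newCert("server.example", false, ta, taKey)
	check(err)
	pathOK = verifyFirstCertInPath(ta, ee)
	obj := []byte("constructed sample object: firmware manifest v1") // constructed input
	sig, err := signObject(taKey, obj)
	check(err)
	objOK = verifyObjectDirectly(ta, obj, sig)
	other, _, err := newCert("Unrelated TA", true, nil, nil)
	check(err)
	foreignOK = verifyFirstCertInPath(other, ee) || verifyObjectDirectly(other, obj, sig)
	return
}

func main() {
	pathOK, objOK, foreignOK := runDemo()
	fmt.Println("first cert verified by TA:", pathOK, "| object verified directly:", objOK, "| unrelated TA accepts either:", foreignOK)
}
```

The point of the split is that the TA itself is the same object in both cases; what differs is what the relying party hands it: a certificate (after which path validation continues) or a signed object (after which nothing further is needed). Which TAs a relying party is willing to use for which purpose is a separate policy decision the code above does not model.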

________________________________

	From: owner-ietf-trust-anchor@xxxxxxxxxxxxx
[mailto:owner-ietf-trust-anchor@xxxxxxxxxxxxx] On Behalf Of Santosh Chokhani
	Sent: Friday, August 10, 2007 8:47 PM
	To: Stephen Kent
	Cc: ietf-trust-anchor@xxxxxxxx
	Subject: RE: Draft Charter

	Steve,

	Sounds good.

	________________________________

		From: Stephen Kent [mailto:kent@xxxxxxx] 
	Sent: Friday, August 10, 2007 3:58 PM
	To: Santosh Chokhani
	Cc: ietf-trust-anchor@xxxxxxxx
	Subject: RE: Draft Charter

	 

	At 12:26 PM -0700 8/10/07, Santosh Chokhani wrote:

		Steve,

		Would the following do?

	slightly re-worded, to reflect the notion that a TA consists of both
a public key and associated info, and that one verifies a signature with a
TA, vs. signing an object with a TA:

	"A relying party uses a trust anchor to verify the signature on the
first certificate in a certification path, or is used to directly verify the
signature on a signed object when no certification path is involved."