At 2:41 PM -0400 8/16/07, Turner, Sean P. wrote:
(sorry I'm jumping back to this) I think we should add the following as the first sentence: "A trust anchor is an established point of trust, which is usually based on the authority of some person, office or organization." [Shirey] I think we should do this because we jumped right in to how it's used not what it is. I used Rob's definition because I think it hit the mark.
Although Rob worked for me for many years, and I generally like his security glossary, I can't say that I find this definition great.
The definition uses the word "trust," which is generally mushy. It tries to qualify that by alluding to authority, which I think is really is central to the issue, especially for TAM. This may be an example of how an attempt to be very general produces a watered-down definition.
Also, absent the further examples you give, but describe as context-specific, the quoted text is not technically useful, i.e., without the examples the definition doesn't tell me if a TA is a public key or a fruit :-).
Steve