Re: Multiple TAAs




David:

I think we need to think about the degree of delegation that we want to permit. I can imagine an enterprise permitting a contracted service to provide some support here. However, the one thing that they do not want the contracted service to do is remove the enterprise from the picture. That would prevent the enterprise from changing providers.

So, I can imagine the enterprise holding an all-powerful TA, and using this to add and delete TA administration privileges for the trust anchor stores in the devices and software packages that are used in the enterprise. The TA administration privilege must not be sufficient to become the all-powerful TA. I see no reason for there to be more than one all-powerful TA as long as the all-powerful TA can be used to make updates to the all-powerful TA, say when two enterprises merge.

Russ

At 12:11 PM 8/17/2007, Black_David@xxxxxxx wrote:
My preference is that managing different privileges for multiple
TAAs administering the same trust anchor store ought to be out of
scope, unless someone has a compelling use case with which to argue
otherwise.