
RE: Draft Charter



>-----Original Message-----
>At 2:41 PM -0400 8/16/07, Turner, Sean P. wrote:
>>(sorry I'm jumping back to this)
>>
>>I think we should add the following as the first sentence:  "A trust
>>anchor is an established point of trust, which is usually based on the
>>authority of some person, office or organization." [Shirey] I think we
>>should do this because we jumped right in to how it's used not what it
>>is. I used Rob's definition because I think it hit the mark.
>>
>
>Although Rob worked for me for many years, and I generally 
>like his security glossary, I can't say that I find this 
>definition great.
>
>The definition uses the word "trust," which is generally 
>mushy. It tries to qualify that by alluding to authority, 
>which I think really is central to the issue, especially 
>for TAM. This may be an example of how an attempt to be very 
>general produces a watered-down definition.
>
>Also, absent the further examples you give, but describe as 
>context-specific, the quoted text is not technically useful, 
>i.e., without the examples the definition doesn't tell me if a 
>TA is a public key or a fruit :-).
>
>Steve

I thought there might have been some connection with you and Rob ;)

The glossary's definition had more in the 1st sentence which basically said
what the suggested second sentence said - so I get your point about mushy
fruit. I agree that the authority is a central concept to TAM and that's
what I was alluding to with my context comment.  I think it ought to be in
the definition.  How about:

A trust anchor is a public key and associated data that represents an
authoritative source of some type of information.  Associated data is used
to define the scope of the use of the trust anchor including the authorized
type of information.

spt