RE: TAA definition
> >As for the TAA definition, how about:
> >
> >A Trust Anchor Administrator (TAA) is the entity represented by the trust
> >anchor. The TAA controls the private key of the trust anchor.
>
> A public key with associated crypto parameters and associated
> restrictions do not "represent" anyone.
>
> Further, this definition breaks the model we have been discussing,
> where a TAA gives the client one or more TAs for the client to
> install. This definition causes the client to now have many TAAs, one
> for each TA they installed.
I agree. A Trust Store Anchor may correspond to a TAA, but the trust
anchors that are installed clearly do not (e.g., Verisign's trust
anchors will be installed by a lot of entities that aren't part of
Verisign).
> Going back to the definition presented in Chicago:
>
> A Trust Anchor Administrator (TAA) is an entity which gives trust
> anchor instructions to clients.
>
> This says that anyone can be a TAA, although obviously a particular
> client will only listen to one or a small number of TAAs.
And if we want to formalize local identification and authorization
of the TAA, I suggest introducing the concept of a Trust Store Anchor.
Thanks,
--David
----------------------------------------------------
David L. Black, Senior Technologist
EMC Corporation, 176 South St., Hopkinton, MA 01748
+1 (508) 293-7953 FAX: +1 (508) 293-7786
black_david@xxxxxxx Mobile: +1 (978) 394-7754
----------------------------------------------------