Greetings again. One of the topics earlier on the mailing list was
defining what a "trust anchor" is. A few of us hammered out the
following words. If folks like them, great, we can move on to harder
topics. If not, let's see if we can coalesce on words that work.
-----
A trust anchor is a public key and associated data used by a relying
party to begin the process of validating a signature on a signed
object. Associated data is used to define the scope of the use of the
trust anchor for validating signatures. For example, associated data
might limit the types of identifiers in certificates that a trust
anchor is allowed to validate.
-----
Given the number of people at the TAM BoF who were confused about
what "associated data" might be, I think it is important for us to
call it out and to give a fairly easy example. Thus, the third
sentence is not technically part of the definition, but it is fairly
important to helping the reader understand what we are talking about.
--Paul Hoffman, Director
--VPN Consortium
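
The definition quoted above, sketched as an added example that is not part of the original message: a relying party accepts a signed object only when the signature verifies under the anchor's public key and every identifier type falls inside the anchor's associated data. The toy RSA key, the use of dNSName and rfc822Name as scope labels, and all class and function names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy RSA key built from two Mersenne primes. Illustration only:
# no padding and a ~216-bit modulus, so never use this for real signatures.
_P, _Q, E = 2**127 - 1, 2**89 - 1, 65537
N = _P * _Q
_D = pow(E, -1, (_P - 1) * (_Q - 1))  # private exponent, held by the signer

@dataclass(frozen=True)
class TrustAnchor:
    modulus: int                 # public key ...
    exponent: int
    allowed_id_types: frozenset  # ... and associated data defining its scope

@dataclass(frozen=True)
class SignedObject:
    identifiers: tuple           # (type, value) pairs the signature covers
    signature: int

def _digest(identifiers, modulus) -> int:
    encoded = "\n".join(f"{t}:{v}" for t, v in sorted(identifiers)).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % modulus

def issue(identifiers) -> SignedObject:
    """Signer side (hypothetical helper): sign the identifier set."""
    ids = tuple(identifiers)
    return SignedObject(ids, pow(_digest(ids, N), _D, N))

def validate(anchor: TrustAnchor, obj: SignedObject) -> str:
    """Relying-party side: the key check and the scope check must both pass."""
    expected = _digest(obj.identifiers, anchor.modulus)
    if pow(obj.signature, anchor.exponent, anchor.modulus) != expected:
        return "bad-signature"
    if not obj.identifiers:
        return "no-identifiers"
    outside = sorted({t for t, _ in obj.identifiers} - anchor.allowed_id_types)
    if outside:
        return "out-of-scope:" + ",".join(outside)
    return "valid"

ANCHOR = TrustAnchor(N, E, frozenset({"dNSName"}))  # scoped to DNS names only

if __name__ == "__main__":
    web = issue([("dNSName", "www.example.com")])
    mail = issue([("rfc822Name", "alice@example.com")])
    altered = SignedObject((("dNSName", "other.example"),), web.signature)
    for name, obj in (("web", web), ("mail", mail), ("altered", altered)):
        print(name, validate(ANCHOR, obj))
```

The rfc822Name object carries a signature that verifies under the anchor's key and is still rejected, which is the role the associated data plays in the definition.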