Personally I think "associated data" is enough for now. The exact forms/types of the data are less important, no?

But if we do want to clarify it further -- since the one intention is to perform management functions, this "associated data" would seem to include configuration information appropriate to said management. For example, protocol or port information.

        - max

On Aug 9, 2007, at 5:52 PM, Thomas Hardjono wrote:



Paul,

Looks good. Perhaps if the words "associated data" remain too
broad/vague, we could add a further distinction regarding "data":

 - TA description data: information about the type of key,
     key length, algorithm, etc. (i.e. the usual profile-related
     info) of the TA public key.

 - TA usage data: namely the scope of the use of the trust anchor.

/thomas/


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Paul Hoffman
Sent: Thursday, August 09, 2007 3:20 PM
To: ietf-trust-anchor@vpnc.org
Subject: Nailing down the definition of "trust anchor"


Greetings again. One of the topics earlier on the mailing
list was defining what a "trust anchor" is. A few of us
hammered out the following words. If folks like them, great,
we can move on to harder topics. If not, let's see if we can
coalesce on words that work.

-----
A trust anchor is a public key and associated data used by a
relying party to begin the process of validating a signature
on a signed object. Associated data is used to define the
scope of the use of the trust anchor for validating
signatures. For example, associated data might limit the
types of identifiers in certificates that a trust anchor is
allowed to validate.
-----

Given the number of people at the TAM BoF who were confused
about what "associated data" might be, I think it is
important for us to call it out and to give a fairly easy
example. Thus, the third sentence is not technically part of
the definition, but it is fairly important to helping the
reader understand what we are talking about.

--Paul Hoffman, Director
--VPN Consortium
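
The proposed definition, together with the description/usage split suggested in the reply, can be pictured as a data structure plus a scope check that a relying party runs before it starts validating a signature. This is an added example, not part of the thread or of any working-group text; the field names, anchor names and sample identifiers are constructed for illustration, and the DNS-suffix restriction goes one step beyond the identifier-type limit given as the example in the definition.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrustAnchor:
    name: str                      # hypothetical label for the anchor
    public_key: bytes              # constructed placeholder, not a real key
    # "TA description data": profile of the public key
    algorithm: str
    key_bits: int
    # "TA usage data": scope in which the anchor may be used
    allowed_id_types: frozenset = frozenset()
    allowed_dns_suffixes: tuple = ()   # empty tuple = no DNS restriction

def in_scope(anchor, identifiers):
    """Return (ok, reason) for a list of (type, value) identifiers taken
    from the certificate the relying party is about to validate."""
    if not identifiers:
        return False, "no identifiers to check against the anchor's scope"
    for id_type, value in identifiers:
        if id_type not in anchor.allowed_id_types:
            return False, f"{id_type} is outside the scope of {anchor.name}"
        if id_type == "dNSName" and anchor.allowed_dns_suffixes:
            host = value.lower().rstrip(".")
            # Match on label boundaries so "evilcorp.example" does not
            # pass as a member of "corp.example".
            if not any(host == s or host.endswith("." + s)
                       for s in anchor.allowed_dns_suffixes):
                return False, f"{value} is outside the DNS scope of {anchor.name}"
    return True, "in scope"

def select_anchors(store, identifiers):
    """Names of the anchors allowed to begin validation for these identifiers."""
    return [a.name for a in store if in_scope(a, identifiers)[0]]

# Constructed sample store: one anchor scoped to DNS names under
# corp.example, one scoped to e-mail addresses only.
STORE = [
    TrustAnchor("corp-web-ta", b"\x00" * 32, "Ed25519", 256,
                frozenset({"dNSName"}), ("corp.example",)),
    TrustAnchor("mail-ta", b"\x01" * 32, "Ed25519", 256,
                frozenset({"rfc822Name"})),
]

if __name__ == "__main__":
    for ids in ([("dNSName", "vpn.corp.example")],
                [("dNSName", "evilcorp.example")],
                [("rfc822Name", "alice@corp.example")]):
        print(ids, "->", select_anchors(STORE, ids))
```

Signature verification itself is left out on purpose: the check only decides whether a given anchor may be used at all, which is the role the definition assigns to the associated data.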


