At 3:30 PM -0700 8/9/07, Lucy Lynch wrote:
On Thu, 9 Aug 2007, Paul Hoffman wrote:
Greetings again. One of the topics earlier on the mailing list was defining what a "trust anchor" is. A few of us hammered out the following words. If folks like them, great, we can move on to harder topics. If not, let's see if we can coalesce on words that work.

-----
A trust anchor is a public key and associated data used by a relying party to begin the process of validating a signature on a signed object. Associated data is used to define the scope of the use of the trust anchor for validating signatures. For example, associated data might limit the types of identifiers in certificates that a trust anchor is allowed to validate.
-----

Paul -

Really nit-picky question:

do you really mean "to begin" or would "in" work... as in:

"A trust anchor is a public key and associated data used by a relying party in the process of validating a signature on a signed object."

- Lucy

The definition above is not specific enough to distinguish a TA from any other public key or cert, because a cert path that is several hops long will have multiple keys that are "used by a relying party in the process of validating a signature ..." A TA is special because it is the starting point for validation, or the end point for path construction.

Steve
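As an added illustration of the distinction Steve draws (not part of the thread), the following Go program uses the standard library's x509 package to build a three-certificate path and validate it: path construction from the leaf must end at the trust anchor, validation starts from it, and the anchor's associated data (here a DNS name constraint) limits which identifiers it may validate. The names "Example Root", "www.example.org" and the serial numbers are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds a fresh Ed25519 key to tmpl and signs it with parentKey (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey, serial int64) (*x509.Certificate, ed25519.PrivateKey) {
	tmpl.SerialNumber, tmpl.BasicConstraintsValid = big.NewInt(serial), true
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) }
	if parent == nil { parent, parentKey = tmpl, priv }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, priv
}

// BuildChain issues a root whose associated data (a DNS name constraint) scopes it to
// example.org, an intermediate under it, and a leaf for host under the intermediate.
func BuildChain(host string) (root, inter, leaf *x509.Certificate) {
	root, rootKey := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "Example Root"}, IsCA: true,
		PermittedDNSDomainsCritical: true, PermittedDNSDomains: []string{"example.org"}}, nil, nil, 1)
	inter, interKey := issue(&x509.Certificate{Subject: pkix.Name{CommonName: "Example Intermediate"}, IsCA: true}, root, rootKey, 2)
	leaf, _ = issue(&x509.Certificate{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}, inter, interKey, 3)
	return root, inter, leaf
}

// Validate treats roots as the trust anchors: path construction from the leaf must end at one
// of them, and signature validation then starts from that anchor and runs down to the leaf.
func Validate(leaf, inter *x509.Certificate, roots []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots { rootPool.AddCert(r) }
	interPool.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
	return err
}

func main() {
	root, inter, leaf := BuildChain("www.example.org")
	fmt.Println("anchored at root:", Validate(leaf, inter, []*x509.Certificate{root}, "www.example.org")) // <nil>
	fmt.Println("no trust anchor:", Validate(leaf, inter, nil, "www.example.org")) // unknown authority
	root2, inter2, leaf2 := BuildChain("www.example.net")
	fmt.Println("outside TA scope:", Validate(leaf2, inter2, []*x509.Certificate{root2}, "www.example.net"))
}
```

The intermediate's key is also "used in the process of validating" the leaf's signature, yet only the certificate placed in the Roots pool ends path construction; without it, or for a name outside its constraint, validation fails.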
