At 12:26 PM -0700 8/10/07, Santosh Chokhani wrote:
> Would the following do?
> A relying party uses the trust anchor and associated information to
> verify signature on the first certificate in a certification path.
> If there are no certificates (i.e., the trusted anchor has directly
> signed an object), the relying party uses the trust anchor and
> associated information to verify signature on the signed object.

Not for me. We do not need to be using "certificates" here. A
specific use case that does not involve certificates is a trust
anchor that directly signs objects that the device uses such as trust
anchor management messages.
Even if we are in a PKIX-centric world, not everything is a certificate.
--Paul Hoffman, Director
--VPN Consortium