At 7:30 AM -0400 8/24/07, Turner, Sean P. wrote:
> As for the TAA definition, how about:
> A Trust Anchor Administrator (TAA) is the entity represented by the trust
> anchor. The TAA controls the private key of the trust anchor.
A public key with associated crypto parameters and associated
restrictions does not "represent" anyone.
Further, this definition breaks the model we have been discussing,
where a TAA gives the client one or more TAs for the client to
install. This definition causes the client to now have many TAAs, one
for each TA they installed.
Going back to the definition presented in Chicago:
A Trust Anchor Administrator (TAA) is an entity which gives trust
anchor instructions to clients.
This says that anyone can be a TAA, although obviously a particular
client will only listen to one or a small number of TAAs.
--Paul Hoffman, Director
--VPN Consortium