On 5 November 2015 at 15:53, Dave Garrett <davemgarr...@gmail.com> wrote:
> "Trusted self-signatures SHOULD be validated before adding to a trust store
> and SHOULD NOT be re-checked at runtime." But we're getting slightly out of
> scope here, which is why I'm thinking that elaborating on this topic exactly
> as suggested is not needed in the document.

A trust anchor is a container for a public key and maybe some ancillary information. You don't actually need to check the signature because the process by which you determine that the information is correct doesn't depend on the signature. For example, the certificates that are in the Mozilla trust store all rely on the fact that you downloaded a valid version of Firefox and the mechanisms by which we safeguard that process. The signatures on trust anchors could be garbage and everything would still be fine. The intent of the change is to point this out.

I'll rebase it and maybe add the pointer Russ provided, then we can double check that it's right. Right now, it's all dependent on other PRs and hard to follow.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
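
The point made in this message, as an added sketch that is not part of the original post or of any TLS implementation: a path validator that stops at the stored anchor key, so a garbage self-signature on the root changes nothing and a valid self-signature on an unlisted root earns nothing. The toy textbook RSA, the `Cert` layout, and all names and sample certificates are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

def make_key(p, q):  # toy textbook RSA from known primes: not secure
    return (65537, p * q), pow(65537, -1, (p - 1) * (q - 1))  # public, private

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def verify(data, sig, pub):
    return pow(sig, pub[0], pub[1]) == digest(data, pub[1])

@dataclass
class Cert:
    subject: str
    issuer: str
    pub: tuple
    sig: int = 0
    def tbs(self):  # the bytes the issuer signs
        return f"{self.subject}|{self.issuer}|{self.pub}".encode()

def issue(subject, issuer, pub, issuer_priv, issuer_pub):
    cert = Cert(subject, issuer, pub)
    cert.sig = pow(digest(cert.tbs(), issuer_pub[1]), issuer_priv, issuer_pub[1])
    return cert

def validate(chain, trust_store):
    """chain is leaf-first; trust_store maps anchor name -> public key."""
    for i, cert in enumerate(chain):
        anchor_pub = trust_store.get(cert.issuer)
        if anchor_pub is not None:
            # Path ends at the stored key; the anchor's own certificate
            # and its self-signature are never consulted.
            return verify(cert.tbs(), cert.sig, anchor_pub)
        parent = chain[i + 1] if i + 1 < len(chain) else None
        if (parent is None or parent.subject != cert.issuer
                or not verify(cert.tbs(), cert.sig, parent.pub)):
            return False
    return False

# Constructed sample data: toy keys built from Mersenne primes.
ROOT_PUB, ROOT_PRIV = make_key(2**61 - 1, 2**89 - 1)
ROGUE_PUB, ROGUE_PRIV = make_key(2**107 - 1, 2**127 - 1)
LEAF_PUB = make_key(2**17 - 1, 2**19 - 1)[0]
TRUST_STORE = {"Example Root": ROOT_PUB}  # provisioned out of band
leaf = issue("www.example.test", "Example Root", LEAF_PUB, ROOT_PRIV, ROOT_PUB)
garbage_root = Cert("Example Root", "Example Root", ROOT_PUB, sig=0xDEADBEEF)
rogue_root = issue("Rogue Root", "Rogue Root", ROGUE_PUB, ROGUE_PRIV, ROGUE_PUB)
rogue_leaf = issue("www.example.test", "Rogue Root", LEAF_PUB, ROGUE_PRIV, ROGUE_PUB)
```

`validate([leaf, garbage_root], TRUST_STORE)` succeeds even though the root's self-signature does not verify, while `validate([rogue_leaf, rogue_root], TRUST_STORE)` fails even though the rogue root's self-signature does.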