Ben,
What about this?
Key store – an application’s collection of keys and certificates that may also
identify the purposes for which they may be used, including the root
certificate and associated public key that the application may use as a trust
anchor.
A trust anchor is defined as a public key and optional, associated data,
so the definition
above is not quite right. I suggest removing all use of the term "root"
in this doc, to
avoid confusion.
Key store governance policy – the policy adopted by a key store manager that
sets forth rules governing the key store, including requirements for root CAs
and subordinate components and entities, such as keys, certificates,
subordinate CAs, and registration authorities.
again, kill "root CA" and replace it with "trust anchor."
Root CA – a CA with a self-signed certificate and whose public key is included
as a trust anchor in a key store.
see comments above re the problem with this definition.
Steve
_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops