We are trying to get a draft prepared to help with discussion at the next IETF 
meeting.

If you don't mind, we would like to table these comments until the draft is 
released and address this and other items through the mail list.

Please let us know if this is an issue.

Thanks, Bruce.

-----Original Message-----
From: Stephen Kent [mailto:k...@bbn.com] 
Sent: Monday, October 07, 2013 9:47 AM
To: b...@digicert.com
Cc: 'Chris Palmer'; 'Iñigo Barreira'; Bruce Morton; wpkops@ietf.org; 'Karen O'Donoghue'
Subject: Re: [wpkops] ID on Trust model

Ben,
> What about this?
>
> Key store - an application's collection of keys and certificates that may 
> also identify the purposes for which they may be used, including the root 
> certificate and associated public key that the application may use as a trust 
> anchor.
A trust anchor is defined as a public key and optional, associated data, so the 
definition above is not quite right. I suggest removing all use of the term 
"root" in this doc, to avoid confusion.
> Key store governance policy - the policy adopted by a key store manager that 
> sets forth rules governing the key store, including requirements for root CAs 
> and subordinate components and entities, such as keys, certificates, 
> subordinate CAs, and registration authorities.
Again, kill "root CA" and replace it with "trust anchor."
> Root CA - a CA with a self-signed certificate and whose public key is 
> included as a trust anchor in a key store.
See comments above re the problem with this definition.

Steve
_______________________________________________
wpkops mailing list
wpkops@ietf.org
https://www.ietf.org/mailman/listinfo/wpkops
