[x500standard] Trust Anchor defn
- From: David Chadwick <d.w.chadwick@xxxxxxxxxx>
- To: x500standard@xxxxxxxxxxxxx
- Date: Fri, 15 Jul 2011 12:48:37 +0100
Hi Erik
there are several typos in X.509 in the note of 7.5 Trust Anchor, viz:
NOTE – trust anchor is time made synonymous with the term
root-CA. In a strict hierarchy, the CA at the top of the
hierarchy may be called the root CA. However, in more complex
environment, it may not be possible to identify a root CA.
Even when it is possible to identify a root CA, a certificate-using
system it may not necessarily consider it a trust anchor.
Some intermediate CA may instead take that role.
maybe reword this to
NOTE – trust anchor has in the past been synonymous with the
term root-CA.
In a strict hierarchy, the CA at the top of the
hierarchy may be called the root CA. However, in more complex environments,
it may not be possible to identify a root CA.
Even when it is possible to identify a root CA, a certificate-using system
may not necessarily consider it a trust anchor.
Some intermediate CA may instead take that role.
regards
David
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@xxxxxxxxxx
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
-----
www.x500standard.com: The central source for information on the X.500 Directory
Standard.
Other related posts:
- » [x500standard] Trust Anchor defn - David Chadwick
