Hi Erik there are several typos in X.509 in the note of 7.5 Trust Anchor, viz:NOTE – trust anchor is time made synonymous with the term root-CA. In a strict hierarchy, the CA at the top of the hierarchy may be called the root CA. However, in more complex environment, it may not be possible to identify a root CA. Even when it is possible to identify a root CA, a certificate-using system it may not necessarily consider it a trust anchor.
Some intermediate CA may instead take that role. maybe reword this toNOTE – trust anchor has in the past been synonymous with the term root-CA.
In a strict hierarchy, the CA at the top of the hierarchy may be called the root CA. However, in more complex environments, it may not be possible to identify a root CA. Even when it is possible to identify a root CA, a certificate-using system may not necessarily consider it a trust anchor. Some intermediate CA may instead take that role. regards David ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security School of Computing, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@xxxxxxxxxx Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.