Technical Summary
This document describes a structure for representing trust anchor
information. A trust anchor is an authoritative entity represented
by a public key and associated data. The public key is used to
verify digital signatures and the associated data is used to
constrain the types of information or actions for which the trust
anchor is authoritative. The structures defined in this document are
intended to satisfy the format-related requirements defined in Trust
Anchor Management Requirements.
Working Group Summary
This document entered the working group following the Trust Anchor
Management BOF. Initially, the contents were included in the Trust
Anchor Management (TAMP) I-D, which presented trust anchor format
and trust anchor management protocol specifications in a single
document. The working group favored separate documents for protocol
specification and format specification. This I-D contains the latter.
The draft was not particularly controversial, but a number of significant
changes resulted from working group discussion, including support
for additional formats.
There was one noteworthy issue raised that did not result in any
change in the document. It has been noted that the ta-format has
some overlap with the ETSI Trust Status List which is specified
in ETSI TS 102 231, although the goals of each specification are
significantly different. The wg briefly debated whether some
comparison of the two schemes should be included. In the end,
the wg decided that TSL need not be addressed.
Document Quality
The document is well-written and clear. I have been told that there
is an open source implementation in progress. The most common
format used to represent a trust anchor today is a self-signed
certificate and this format is accommodated in this standard.
Personnel
Steve Kent is the Document Shepherd for this document.
Tim Polk is the Responsible Area Director.
RFC Editor Note
In section 2.4, please make the following substitution:
OLD
When taTitleLangTag is absent, English is used.
NEW
When taTitleLangTag is absent, English ("en" language tag) is used.