[IPP] NIST definitions of Trust Anchor (broader than Trusted Root)

Ira McDonald blueroofmusic at gmail.com
Thu May 18 18:29:49 UTC 2023


Hi,

To replace "Trusted Root" in IPP OAuth Extensions, I suggest "Trust Anchor"
from my latest ballot draft of SAE J3323 Trust Anchors and Authentication:


3.114 Trust Anchor

A public or symmetric key that is trusted because it is directly built into
hardware or software, or securely provisioned via out-of-band means, rather
than because it is vouched for by another trusted entity (e.g. in a public
key certificate). A trust anchor may have name or policy constraints
limiting its scope. [NISTSP800-63-3]

1. An authoritative entity for which trust is assumed. In a PKI, a trust
anchor is a certification authority, which is represented by a certificate
that is used to verify the signature on a certificate issued by that
trust-anchor. The security of the validation process depends upon the
authenticity and integrity of the trust anchor’s certificate. Trust anchor
certificates are often distributed as self-signed certificates.
[NISTSP800-57pt1r5]
2. The self-signed public key certificate of a trusted CA.
[NISTSP800-57pt1r5]


And here are the two referenced documents:

[NISTSP800-57pt1r5] US NIST, Recommendation for Key Management: Part 1 –
General, SP800-57 Part 1 Revision 5, May 2020.

https://doi.org/10.6028/NIST.SP.800-57pt1r5

[NISTSP800-63-3] US NIST, Digital Identity Guidelines, SP800-63-3, June
2017.
https://doi.org/10.6028/NIST.SP.800-63-3

Cheers,
- Ira

*Ira McDonald (Musician / Software Architect)*
*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*
*Co-Chair - TCG Metadata Access Protocol SG*
*Chair - Linux Foundation Open Printing WG*
*Secretary - IEEE-ISTO Printer Working Group*
*Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG*
*IETF Designated Expert - IPP & Printer MIB*
*Blue Roof Music / High North Inc*
*http://sites.google.com/site/blueroofmusic*
*http://sites.google.com/site/highnorthinc*
*mailto: blueroofmusic at gmail.com*
*(permanent) PO Box 221  Grand Marais, MI 49839*
*906-494-2434*