NSA is reportedly developing a protocol for trust
anchor management, possibly intended to become a PKIX WG item.
Reference: http://cryptome.org/poet-docs.htm item 44.
Although there seems to be no public data
available, I believe that the concept of maintaining trust anchor stores through
a protocol would, if applied to networking, be similar to a protocol for
maintaining "hosts" files rather than using DNS. When trust anchor
handling needs automation, a more universal approach is to off-load validation
using a protocol like SCVP. In fact, SCVP principles are already widely
deployed for in-house systems where trust management is performed in one
place. Off-loaded validation also copes with EE-certificate revocation,
policy filtering, and similar things that appear to be out of scope for a
trust-anchor-focused system.
TAMP has one advantage over SCVP and that is that it
may work in off-line scenarios as well. Given the fact that billions of people
rely on on-line services, the off-line argument seems pretty
weak.
Just my 2 cents
Anders Rundgren