
Trust anchor: Difference between revisions

From Wikipedia, the free encyclopedia
m Updated RFC Doc link
No edit summary
Line 2: Line 2:
In [[cryptography|cryptographic]] systems with hierarchical structure, a '''trust anchor''' is an authoritative entity for which trust is assumed and not derived.<ref>{{cite web | url=https://datatracker.ietf.org/doc/html/rfc5914 | title=Trust Anchor Format | publisher=IETF | work=RFC 5914 | accessdate=March 30, 2022}}</ref>
In [[cryptography|cryptographic]] systems with hierarchical structure, a '''trust anchor''' is an authoritative entity for which trust is assumed and not derived.<ref>{{cite web | url=https://datatracker.ietf.org/doc/html/rfc5914 | title=Trust Anchor Format | publisher=IETF | work=RFC 5914 | accessdate=March 30, 2022}}</ref>


In [[X.509]] architecture, a [[root certificate]] would be the trust anchor from which the whole [[chain of trust]] is derived. The trust anchor must be in the possession of the trusting party beforehand to make any further [[Certification path validation algorithm|certificate path validation]] possible.
In the [[X.509]] architecture, a [[root certificate]] would be the trust anchor from which the whole [[chain of trust]] is derived. The trust anchor must be in the possession of the trusting party beforehand to make any further [[Certification path validation algorithm|certificate path validation]] possible.


Most operating systems provide a built-in list of self-signed [[Root certificate|root certificates]] to act as trust anchors for applications. The [[Firefox]] web browser also provides its own list of trust anchors. The end-user of an operating system or web browser is implicitly trusting in the correct operation of that software, and the software manufacturer in turn is delegating trust for certain cryptographic operations to the [[Certificate authority|certificate authorities]] responsible for the root certificates.
Most operating systems provide a built-in list of self-signed [[Root certificate|root certificates]] to act as trust anchors for applications. The [[Firefox]] web browser also provides its own list of trust anchors. The end-user of an operating system or web browser is implicitly trusting in the correct operation of that software, and the software manufacturer in turn is delegating trust for certain cryptographic operations to the [[Certificate authority|certificate authorities]] responsible for the root certificates.
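
Review bot: The changed line still reads "a [[root certificate]] would be the trust anchor", and the conditional "would be" sits oddly beside the next sentence's "must be in the possession"; since the line is already being touched for grammar, consider "is the trust anchor". The revision is also saved with "No edit summary"; a short summary naming the added article would make the history easier to scan.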

Revision as of 12:33, 11 October 2022

In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived.[1]

In the X.509 architecture, a root certificate would be the trust anchor from which the whole chain of trust is derived. The trust anchor must be in the possession of the trusting party beforehand to make any further certificate path validation possible.

Most operating systems provide a built-in list of self-signed root certificates to act as trust anchors for applications. The Firefox web browser also provides its own list of trust anchors. The end-user of an operating system or web browser is implicitly trusting in the correct operation of that software, and the software manufacturer in turn is delegating trust for certain cryptographic operations to the certificate authorities responsible for the root certificates.
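
The requirement that the trust anchor be in the trusting party's possession before path validation can be seen with the OpenSSL command line. The script below is an added example, not part of the article; `demo-root`, `rogue-root` and `leaf.example` are constructed names, and it assumes OpenSSL 1.1.0 or later is installed.

```shell
#!/bin/sh
# Added demo. demo-root, rogue-root and leaf.example are constructed names.
set -eu
cd "$(mktemp -d)"

# make_root NAME: create a self-signed root certificate NAME.pem with key NAME.key
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# issue_leaf ROOT: issue leaf.pem for CN=leaf.example, signed with ROOT's key
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
    -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out leaf.pem 2>/dev/null
}

# trusted ANCHOR CERT: path validation with ANCHOR as the only trust anchor.
# -no-CApath keeps the system's default directory of roots out of the check.
trusted() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# report ANCHOR CERT: print the validation outcome for one anchor/certificate pair
report() {
  if trusted "$1" "$2"; then echo "$2 under $1: trusted"
  else echo "$2 under $1: rejected"; fi
}

make_root demo-root
make_root rogue-root
issue_leaf demo-root

report demo-root.pem leaf.pem         # chain ends at the anchor held beforehand
report rogue-root.pem leaf.pem        # same leaf, but its issuer is not held
report demo-root.pem rogue-root.pem   # valid self-signature, yet not an anchor
report rogue-root.pem rogue-root.pem  # trusted only because it was supplied as the anchor
```

The third and fourth cases show that a root's self-signature contributes nothing to the decision: the same certificate is rejected or accepted depending only on whether it was supplied as the anchor.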

References

  1. "Trust Anchor Format". RFC 5914. IETF. Retrieved March 30, 2022.