Jump to content

Trust anchor

From Wikipedia, the free encyclopedia

This is the current revision of this page, as edited by Citation bot (talk | contribs) at 16:17, 23 January 2024 (Altered template type. Add: date, journal, authors 1-3. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Abductive | Category:Key management | #UCB_Category 13/93). The present address (URL) is a permanent link to this version.

(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived.[1]

In the X.509 architecture, a root certificate would be the trust anchor from which the whole chain of trust is derived. The trust anchor must be in the possession of the trusting party beforehand to make any further certificate path validation possible.

Most operating systems provide a built-in list of self-signed root certificates to act as trust anchors for applications. The Firefox web browser also provides its own list of trust anchors. The end-user of an operating system or web browser is implicitly trusting in the correct operation of that software, and the software manufacturer in turn is delegating trust for certain cryptographic operations to the certificate authorities responsible for the root certificates.

See also

[edit]

References

[edit]
  1. ^ Wallace, Carl; Ashmore, Sam; Housley, Russ (June 2010). "Trust Anchor Format". RFC 5914. IETF. Retrieved 2022-03-30.