Trust anchor

In cryptographic systems with hierarchical structure, a trust anchor is an authoritative entity for which trust is assumed and not derived.[1]

In the X.509 architecture, a root certificate is the trust anchor from which the whole chain of trust is derived. The trusting party must already possess the trust anchor before any certificate path validation is possible.

In most operating systems, the trust anchor is a collection of X.509 certificates of certification authorities that comes preinstalled with the operating system, or is built into an application (such as a web browser). The user is thus ultimately trusting the organization or person who has provided that list of root certificates.

References

  1. "Trust Anchor Format". RFC 5914. IETF. Retrieved February 21, 2013.
