Add data for trust anchor ID card

[devwiki.git] / design / trust-anchor.mdwn

diff --git a/design/trust-anchor.mdwn b/design/trust-anchor.mdwn
index d2dfdf2..ed0a74d 100644 (file)
--- a/design/trust-anchor.mdwn
+++ b/design/trust-anchor.mdwn
@@ -68,6 +68,15 @@ very consistent on this point.
 * Storing a certificate hash  tends to create operational complexity if
   there is not an update mechanism when servers need to rekey
 
+## What needs to represent a trust anchor on an ID card
+
+* An optional base64-encoded CA certificate (a relatively long base64 string)
+* An optional subject name constraint (string)
+* An optional subject alternative name constraint (string)
+* An optional hash of a server certificate
+
+The server certificate hash field is mutually exclusive with the other fields.
+
 
 ## An option