Trust anchor clarity in registration policies

SteveLasker · SteveLasker · commit 6bb7789cd4cd · 2024-09-30T17:08:15.000-07:00
Signed-off-by: steve lasker &lt;stevenlasker@hotmail.com&gt;
diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md
@@ -397,9 +397,7 @@ Multi-tenant support can be enabled through the use of identifiers in the `iss`
 
 Registration Policies refer to additional checks over and above the Mandatory Registration Checks that are performed before a Signed Statement is accepted to be registered to the Append-only Log.
 
-Transparency Services MUST maintain Registration Policies.
-
-Transparency Services MUST also maintain a list of trust anchors, which SHOULD be used by Relying Parties to authenticate Issuers, and which MAY be included in a Registration Policy statement.
+Transparency Services MUST maintain Registration Policies and a list of trust anchors to authenticate Issuers upon Registration.
 For instance, a trust anchor could be an X.509 root certificate, a pointer to an OpenID Connect identity provider, or any other COSE-compatible trust anchor.
 
 Registration Policies and trust anchors MUST be made transparent and available to all Relying Parties of the Transparency Service by registering them as Signed Statements on the Append-only Log, and distributing the associated Receipts.
