Update draft-ietf-scitt-architecture.md

SteveLasker · OR13 · web-flow · commit f38f8bb5212c · 2024-10-08T07:31:32.000-07:00
Co-authored-by: Orie Steele &lt;orie@or13.io&gt;
diff --git a/draft-ietf-scitt-architecture.md b/draft-ietf-scitt-architecture.md
@@ -397,7 +397,9 @@ Multi-tenant support can be enabled through the use of identifiers in the `iss`
 
 Registration Policies refer to additional checks over and above the Mandatory Registration Checks that are performed before a Signed Statement is accepted to be registered to the Append-only Log.
 
-Transparency Services MUST maintain Registration Policies and a list of trust anchors to authenticate Issuers upon Registration.
+Transparency Services MUST maintain Registration Policies.
+Transparency Services MUST maintain a list of trust anchors as described in _TBD_.
+Transparency Services MUST authenticate signed statements as part of a Registration Policy.
 For instance, a trust anchor could be an X.509 root certificate, a pointer to an OpenID Connect identity provider, or any other COSE-compatible trust anchor.
 
 Registration Policies and trust anchors MUST be made transparent and available to all Relying Parties of the Transparency Service by registering them as Signed Statements on the Append-only Log, and distributing the associated Receipts.
