root of trust
Definition
A root-of-trust is some component of a system that is secure by design and its security characteristics may be inherently trusted or relied upon by other components of the system.
Root-of-trust
Replace human basis-of-trust with cryptographic root-of-trust. With verifiable digital signatures from asymmetric key cryptography we may not trust in “what” was said, but we may trust in “who” said it.
The root-of-trust is consistent attribution via verifiable integral non-repudiable statements.
A root of trust is a foundational component or process in the identity system that is relied on by other components of the system and whose failure would compromise the integrity of the bindings. A root of trust might be primary or secondary depending on whether or not it is replaceable. Primary roots of trust are irreplaceable. Together, the roots of trust form the trust basis for the system.
KERI related
We distinguish a primary root-of-trust in a KEL and a secondary root-of-trust, for example in a TEL or data on a blockchain.