A CA with one or more trusted certificates containing public keys that exist at the base of a tree of trust or as the strongest link in a chain of trust and upon which a Public Key Infrastructure is constructed.
“Trust anchor” also refers to the certificate of this CA.
Sources:
NIST SP 800-152
under Trust anchor
A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate). A trust anchor may have name or policy constraints limiting its scope.
Sources:
NIST SP 800-63-3
under Trust Anchor
A configured DNSKEY RR or DS RR hash of a DNSKEY RR. A validating DNSSEC-aware resolver uses this public key or hash as a starting point for building the authentication chain to a signed DNS response. In general, a validating resolver will need to obtain the initial values of its trust anchors via some secure or trusted means outside the DNS protocol. The presence of a trust anchor also implies that the resolver should expect the zone to which the trust anchor points to be signed. This is sometimes referred to as a “secure entry point.”
Sources:
NIST SP 800-81-2
under Trust Anchor
An authoritative entity represented by a public key and associated data (see RFC 5914).
Sources:
NIST SP 800-57 Part 2 Rev.1
under Trust anchor
An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A "trust anchor" is sometimes defined as just a public key used for different purposes (e.g., validating a certification authority (CA), validating a signed software package or key, validating the process (or person) loading the signed software or key).
Sources:
CNSSI 4009-2015
1. An authoritative entity for which trust is assumed. In a PKI, a trust anchor is a certification authority, which is represented by a certificate that is used to verify the signature on a certificate issued by that trust-anchor. The security of the validation process depends upon the authenticity and integrity of the trust anchor’s certificate. Trust anchor certificates are often distributed as self-signed certificates. 2. The self-signed public key certificate of a trusted CA.
Sources:
NIST SP 800-57 Part 1 Rev. 5
under Trust anchor
The key for a certificate authority who issues certificates or authorizes others to do so on its behalf
Sources:
NISTIR 7682
under Trust anchor