Trust-List vs Trust Anchor vs TLS Trust List

[psavva]

I am having trouble understanding what the usage of application-jks-signing.yml and if/why I should configure it.

In the EU DCC solution, we have the TLS Trust List, and the DGC Gateway which acts as the Trust Anchor.
Why do we have the addition of the Trust-List in the above mentioned file?

The specific feature: #22
mentions issue #10 which again describe a technical requirement, and not really a business requirement, and why it should be included... "The responses of the following routes should include a header with a ECDSA signature"

Should the signature included not be that of the Trust-List, which is all ready defined in application.yml

      trust-anchor:
        alias: ta
        password: dgcg-p4ssw0rd
        path: classpath:trust_anchor.jks

Please help me understand this better as for us to configure it correctly for Cyprus.

Please note that the dockerfile has also not been updated to reflect the change introduced:
\https://github.com/eu-digital-green-certificates/dgca-businessrule-service/blob/main/docker-compose.yml

[psavva]

@daniel-eder Anyways we can get a response for this?

[daniel-eder]

@SchulzeStTSI can you chime in?

[SchulzeStTSI]

@psavva the mentioned feature is a signing of the business rule list provided by the national backend, means NB<-->Wallet/Verifier App. The other trust components are from gateway to national backend(Gateway<--->NB). So far I see it's currently not enabled in the apps, so the configuration of it is optional for the moment.