amduat-api/tier1/asl-auth-1.md
2026-01-17 10:33:23 +01:00

ASL/AUTH/1 -- Authority, Certificates, and Trust Pins

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [authority, certificates, trust, policy]

Document ID: ASL/AUTH/1
Layer: L2 -- Authority and trust semantics (no transport)

Depends on (normative):

  • ASL/DAM/1
  • ASL/OCS/1
  • ASL/POLICY-HASH/1
  • ASL/LOG/1

Informative references:

  • ASL/OFFLINE-ROOT-TRUST/1
  • ASL/DOMAIN-MODEL/1
  • PER/SIGNATURE/1

0. Conventions

The key words MUST, MUST NOT, REQUIRED, SHOULD, and MAY are to be interpreted as in RFC 2119.

ASL/AUTH/1 defines authority, certificates, and trust pin semantics. It does not define encodings or transport.


1. Purpose

ASL/AUTH/1 defines how domains establish authority, how certificates record authority, and how foreign domains are pinned for trust.


2. First Principle (Normative)

Certificates do not create authority. They record it.

Authority exists because a domain controls its roots and DAM. Certificates make authority verifiable and replayable.


3. Certificate Lifecycle (Normative)

3.1 Virgin State

Before any certificates exist:

  • Domains and logs exist.
  • Artifacts and PERs exist.
  • No authority is asserted or trusted.

3.2 Root Authority

A root authority certificate:

  • Is self-signed.
  • Is created offline.
  • Is stored as an artifact (public component only).
  • MUST NOT be used for runtime signing.

3.3 Domain Authority

A domain authority certificate binds:

  • Domain identity
  • Root public keys
  • Policy hash

Domain authority certificates MUST be created offline and referenced by the domain DAM.


4. Trust Pins (Normative)

A trust pin is a local policy binding for a foreign domain.

Rules:

  • Pins MUST include domain ID, policy hash, and root key fingerprint(s).
  • Pins MUST be explicit and local; they do not imply reciprocity.
  • Admission MUST verify pin compatibility before including foreign state.

5. PER Signing (Informative)

PER signatures MAY be required by policy. If required:

  • The signing key MUST be authorized by the DAM.
  • The signature MUST bind snapshot and logseq.
  • Validation MUST follow PER/SIGNATURE/1.

6. Foreign Domain Trust (Normative)

Foreign domains are trusted only if:

  1. The domain is admitted under ASL/DAP/1.
  2. Its policy hash is compatible with local policy.
  3. A trust pin exists matching the admitted domain.
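
The rules of sections 4 and 6 as an added example, not code from ASL/AUTH/1 or any implementation of it: a local trust pin, a domain authority record as section 3.3 describes it, and an admission check that applies the three conditions of section 6 in order. The fingerprint scheme (SHA-256 of the public key bytes), reading "compatible" as equal policy hashes, and requiring every root a certificate presents to be pinned are assumptions; all names and sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def fingerprint(pubkey: bytes) -> str:
    """Root key fingerprint as hex SHA-256 of the public key bytes (assumed scheme)."""
    return hashlib.sha256(pubkey).hexdigest()

@dataclass(frozen=True)
class TrustPin:
    """Local policy binding for one foreign domain (ASL/AUTH/1 section 4)."""
    domain_id: str
    policy_hash: str
    root_fingerprints: frozenset  # fingerprints of the foreign domain's root public keys

@dataclass(frozen=True)
class DomainAuthorityCert:
    """Offline-created record binding domain identity, root keys and policy hash (3.3)."""
    domain_id: str
    root_pubkeys: tuple  # public components only
    policy_hash: str

def check_foreign_trust(cert: DomainAuthorityCert, admitted: set,
                        local_policy_hash: str, pins: dict) -> Optional[str]:
    """Return None if the foreign domain may be trusted, else the rule that failed.
    Checks run in the order of section 6: admission, policy compatibility, trust pin."""
    if cert.domain_id not in admitted:
        return "not admitted under ASL/DAP/1"
    # Assumption: "compatible" means identical policy hashes (ASL/POLICY-HASH/1 decides).
    if not hmac.compare_digest(cert.policy_hash, local_policy_hash):
        return "policy hash incompatible with local policy"
    pin = pins.get(cert.domain_id)  # pins are local and explicit; there is no reverse lookup
    if pin is None:
        return "no trust pin for domain"
    if not hmac.compare_digest(pin.policy_hash, cert.policy_hash):
        return "pin policy hash does not match certificate"
    # Assumption: every root the certificate presents must be pinned, so a root added
    # without a local pin update is rejected instead of being accepted alongside a pinned one.
    if not {fingerprint(k) for k in cert.root_pubkeys} <= pin.root_fingerprints:
        return "certificate presents a root key that is not pinned"
    return None

# Constructed sample data (not taken from the specification).
ROOT_A, ROOT_B = b"constructed-root-key-A", b"constructed-root-key-B"
POLICY = hashlib.sha256(b"constructed-policy").hexdigest()
PINS = {"dom.example": TrustPin("dom.example", POLICY, frozenset({fingerprint(ROOT_A)}))}
ADMITTED = {"dom.example"}
```

A pin listing both an old and a new root fingerprint lets a certificate that presents only the new root pass, which is how a local operator would stage a foreign root rotation without a window in which an unpinned root is accepted.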

7. Non-Goals

ASL/AUTH/1 does not define:

  • Transport or replication protocols
  • Certificate encodings
  • Operational workflows for key custody
  • Witness rotation procedures