amduat-api/tier1/asl-offline-root-trust-1.md
2026-01-17 08:52:02 +01:00

# ASL/OFFLINE-ROOT-TRUST/1 -- Offline Root Trust
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [trust, roots, offline, authority]

**Document ID:** `ASL/OFFLINE-ROOT-TRUST/1`
**Layer:** L2 -- Trust anchors (no encoding)

**Depends on (normative):**

* `ASL/DAM/1`

**Informative references:**

* `ASL/OCS/1` -- offline certificate system

---
## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/OFFLINE-ROOT-TRUST/1 defines the **offline root trust model** for domains. It does not define encodings.

---
## 1. Purpose

Offline roots define domain legitimacy. They are offline, auditable, and deterministic. They do not provide availability guarantees.

---
## 2. Root Set Definition

A domain MUST trust a fixed, explicit set of offline root public keys:

```text
OfflineRootSet {
  version     : u32
  root_keys[] : PublicKey
  threshold   : u8
}
```

The root set is snapshot-pinned and rarely changed.

---
## 3. Recommended Root Count

Recommended size: **1 to 3** root keys.

* 1 root: personal or small domains
* 2 roots: separation of duties
* 3 roots: high-value domains

---
## 4. Threshold Rules

* Default threshold is 1.
* If threshold > 1, it MUST be fixed and explicit.
* Verification MUST be order-independent.

---
## 5. What Roots May Sign

Offline roots MAY sign only:

* AuthorityCertificate artifacts
* Root rotation artifacts
* Policy ratification artifacts (optional)

Roots MUST NOT sign artifacts, PERs, snapshots, or TGK edges.

---
## 6. Root Rotation

Root rotation is a constitutional change:

1. Define new root set
2. Old roots sign rotation artifact
3. New snapshots reference the new root set
4. Old snapshots remain valid

---
## 7. Validation Algorithm

To validate authority:

1. Load snapshot
2. Resolve DAM
3. Resolve AuthorityCertificate artifacts
4. Verify certificates against offline root set
5. Check threshold

No timestamps or online checks are required.

---
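Steps 4 and 5 of the validation algorithm, combined with the root set of section 2, the threshold rules of section 4 and the signing restriction of section 5, as an added Python example that is not part of this specification or the project's code. The `SignedArtifact` container, the kind labels, the threshold range check and `toy_sign`/`toy_verify` (a hash stand-in for a real signature scheme, since this document defines no encodings) are assumptions.

```python
import hashlib
from dataclasses import dataclass

# Kinds section 5 lets an offline root sign; the string labels are assumptions.
ROOT_SIGNABLE = {"authority_certificate", "root_rotation", "policy_ratification"}

@dataclass(frozen=True)
class OfflineRootSet:            # fields from section 2
    version: int
    root_keys: tuple             # tuple of public keys (bytes)
    threshold: int = 1           # section 4 default

@dataclass(frozen=True)
class SignedArtifact:            # hypothetical container, not an ASL encoding
    kind: str
    payload: bytes
    signatures: tuple            # tuple of (public_key, signature) pairs

def toy_sign(public_key, message):
    # Constructed stand-in so the example runs offline; NOT a real signature
    # scheme. A deployment substitutes its own verifier (for example Ed25519).
    return hashlib.sha256(public_key + message).digest()
def toy_verify(public_key, message, signature):
    return signature == toy_sign(public_key, message)

def check_root_set(rs):
    keys = set(rs.root_keys)
    if len(keys) != len(rs.root_keys):
        raise ValueError("duplicate root key")
    if not 1 <= rs.threshold <= len(keys):   # assumed sanity check
        raise ValueError("threshold outside 1..len(root_keys)")
    return keys

def verify_root_signed(rs, art, verify=toy_verify):
    """True iff at least `threshold` distinct pinned roots validly signed."""
    roots = check_root_set(rs)
    if art.kind not in ROOT_SIGNABLE:
        return False             # roots must not sign this kind of object
    signers = set()              # a set makes the count order-independent
    for key, sig in art.signatures:
        if key in roots and verify(key, art.payload, sig):
            signers.add(key)     # a repeated signer counts once
    return len(signers) >= rs.threshold

if __name__ == "__main__":
    a, b = b"root-A", b"root-B"  # constructed sample keys
    rs, msg = OfflineRootSet(1, (a, b), 2), b"constructed certificate"
    sigs = ((b, toy_sign(b, msg)), (a, toy_sign(a, msg)))
    print(verify_root_signed(rs, SignedArtifact("authority_certificate", msg, sigs)))
```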
## 8. Summary

ASL/OFFLINE-ROOT-TRUST/1 defines a small, explicit offline root set that anchors authority and preserves deterministic replay.