Trust Model » History » Revision 4

Suravi Regmi, 11/25/2025 05:24 PM


Trust Model

Signing chain


Trust Model

trust anchor


Component identities

Producer Behavior

Producer validates:

  • AA public parameters (/aa/PUBPARAMS)

Producer signs:

  • Stream manifests (RSA) using stream identity certificates
  • CK packets (digest)
  • Encrypted data (digest)

Producer serves:

  • Producer certificate
  • All stream certificates

The producer no longer signs manifests with its own identity; manifests are now signed by stream identities.

Consumer Behavior

The consumer performs the most validation.

Consumer validates:

  • AA parameters (RSA)
  • DKEY segments (RSA)
  • Controller POLICYDATA (RSA)
  • Stream manifests (RSA)
  • CK packets (digest)
  • Encrypted data segments (digest)

All rules are validated using the consumer's trust schema.

Consumer decrypts:

  1. Encrypted application DATA → extract CK name
  2. Fetch CK → decrypt with DKEY
  3. Decrypt DATA using CK

The consumer uses three rules:

  1. AA public parameters and DKEY validation

    /ndn/md2k/mguard/aa/* signed by AA (RSA), chaining to root.

  2. Controller POLICYDATA replies

    /ndn/md2k/mguard/controller/* signed by controller (RSA), chaining to root.

  3. Stream and producer content

    /ndn/md2k/mguard/dd40c/*

    Allows:

    • sha256 (digest) for encrypted DATA, CK, metadata
    • rsa-sha256 for manifests, stream certs
      KeyLocator must be a prefix of the Data name.

All validations ultimately chain back to /ndn/md2k.
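The three consumer rules above, modelled as name and signature-type checks in an added Python example (not mGuard or ndn-cxx code; no cryptographic verification is performed). Assumptions: key names follow NDN's `/<identity>/KEY/<key-id>` layout, the AA and controller identities equal their rule prefixes, the packet `kind` is supplied by the caller, and the sample stream and key names are constructed.

```python
ROOT = "/ndn/md2k"                      # trust anchor named on the page
MGUARD = ROOT + "/mguard"
# Hypothetical packet kinds; the page does not say how kinds are told apart by name.
SIG_FOR_KIND = {"data": "sha256", "ck": "sha256", "metadata": "sha256",
                "manifest": "rsa-sha256", "cert": "rsa-sha256"}

def comps(name):
    return [c for c in name.split("/") if c]

def is_prefix(prefix, name):
    p = comps(prefix)
    return comps(name)[:len(p)] == p

def identity_of(key_name):
    """Identity part of a key name (assumed /<identity>/KEY/<key-id>), else None."""
    c = comps(key_name or "")
    i = c.index("KEY") if "KEY" in c else 0
    return "/" + "/".join(c[:i]) if i else None

def check_rule(name, sig_type, key_locator=None, kind="data"):
    """Apply the three rules to one packet's name, signature type and KeyLocator."""
    for signer in (MGUARD + "/aa", MGUARD + "/controller"):      # rules 1 and 2
        if is_prefix(signer, name):
            # Assumption: the AA / controller identity equals the rule prefix.
            return sig_type == "rsa-sha256" and identity_of(key_locator) == signer
    if is_prefix(MGUARD + "/dd40c", name):                       # rule 3
        if sig_type != SIG_FOR_KIND.get(kind):
            return False                 # e.g. a digest-only manifest
        if sig_type == "sha256":
            return True                  # digest: no KeyLocator to check
        ident = identity_of(key_locator)
        return ident is not None and is_prefix(ident, name)
    return False                         # no rule matches: reject

def chains_to_root(key_locator, issuers, max_depth=5):
    """Follow key -> issuer links until a key of the root identity is reached.
    `issuers` is a constructed stand-in for the certificates a consumer fetches."""
    key, seen = key_locator, set()
    while key and key not in seen and len(seen) < max_depth:
        if identity_of(key) == ROOT:
            return True
        seen.add(key)
        key = issuers.get(key)
    return False                         # missing cert, loop, or chain too long

# Constructed sample names (stream "s1", key ids "k0".."k2"), for illustration only.
STREAM_KEY = MGUARD + "/dd40c/s1/KEY/k1"
ISSUERS = {STREAM_KEY: MGUARD + "/dd40c/KEY/k2",
           MGUARD + "/dd40c/KEY/k2": ROOT + "/KEY/k0"}
```

A packet is accepted only when both `check_rule` and `chains_to_root` return true; anything outside the three prefixes is rejected by default.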

Updated by Suravi Regmi 20 days ago · 9 revisions