Trust Model » History » Revision 4
Revision 3 (Suravi Regmi, 11/25/2025 05:17 PM) → Revision 4/9 (Suravi Regmi, 11/25/2025 05:24 PM)
# Trust Model ## Signing chain  --- ## Trust Model  ---- ### Component identities **Producer Behavior** --- Producer validates: - AA public parameters (`/aa/PUBPARAMS`) Producer signs: - Stream manifests (RSA) using stream identity certificates - CK packets (digest) - Encrypted data (digest) Producer serves: - Producer certificate - All stream certificates Producer no longer signs manifests with its own identity; manifests are now signed by stream identities. **Consumer Behavior** The consumer performs the most validation. Consumer validates: - AA parameters (RSA) - DKEY segments (RSA) - Controller POLICYDATA (RSA) - Stream manifests (RSA) - CK packets (digest) - Encrypted data segments (digest) All rules validated using the consumers trust schema. Consumer decrypts: 1. Encrypted application DATA → extract CK name 2. Fetch CK → decrypt with DKEY 3. Decrypt DATA using CK The consumer uses three rules: 1. **AA public parameters and DKEY validation** `/ndn/md2k/mguard/aa/*` signed by AA (RSA), chaining to root. 2. **Controller POLICYDATA replies** `/ndn/md2k/mguard/controller/*` signed by controller (RSA), chaining to root. 3. **Stream and producer content** `/ndn/md2k/mguard/dd40c/*` Allows: - `sha256` (digest) for encrypted DATA, CK, metadata - `rsa-sha256` for manifests, stream certs KeyLocator must be a prefix of the Data name. All validations ultimately chain back to `/ndn/md2k`. What each module verifies