Trust Model » History » Revision 8
Revision 7 (Suravi Regmi, 11/25/2025 05:29 PM) → Revision 8/9 (Suravi Regmi, 11/25/2025 05:30 PM)
# Trust Model

## Signing chain

---

## Trust Model

----

## Component identities

**Root / Site CA**

- **Identity:** `/ndn/md2k`
- **Type:** Self-signed root CA
- **Trust Anchor:** `md2k-trust-anchor.ndncert`

All components ultimately chain to this root. Consumers load this file so they can trust any certificate issued under `/ndn/md2k`.

---

### **Identities Signed by the Root CA**

The root `/ndn/md2k` signs:

- `/ndn/md2k/mguard/controller`
- `/ndn/md2k/mguard/aa`
- `/ndn/md2k/mguard/dd40c` (producer)
- All consumer identities (example: `/ndn/md2k/adam`)

---

### **Stream Identities Signed by the Producer**

The producer identity `/ndn/md2k/mguard/dd40c` signs all stream identities:

- `/ndn/md2k/mguard/dd40c/phone/accelerometer`
- `/ndn/md2k/mguard/dd40c/phone/gyroscope`
- `/ndn/md2k/mguard/dd40c/phone/gps`
- `/ndn/md2k/mguard/dd40c/phone/battery`
- `/ndn/md2k/mguard/dd40c/data_analysis/gps_episodes_and_semantic_location`

These stream identities are used to sign **manifests**, **encrypted DATA**, and **CK packets**.

The producer must now serve the certificates for these streams (interest filter on each stream's certificate prefix).

---

### **Producer Behavior**

Producer validates:

- AA public parameters (`/aa/PUBPARAMS`)

Producer signs:

- Stream manifests (RSA) using stream identity certificates
- CK packets (digest)
- Encrypted data (digest)

Producer serves:

- Producer certificate
- All stream certificates

Producer no longer signs manifests with its own identity; manifests are now signed by stream identities.

---

### **Consumer Behavior**

The consumer performs the most validation.

Consumer validates:

- AA parameters (RSA)
- DKEY segments (RSA)
- Controller POLICYDATA (RSA)
- Stream manifests (RSA)
- CK packets (digest)
- Encrypted data segments (digest)

All rules are validated using the consumer's trust schema.

Consumer decrypts:

1. Encrypted application DATA → extract CK name
2. Fetch CK → decrypt with DKEY
3. Decrypt DATA using CK

The consumer uses three rules:

1. **AA public parameters and DKEY validation**
   `/ndn/md2k/mguard/aa/*` signed by AA (RSA), chaining to root.
2. **Controller POLICYDATA replies**
   `/ndn/md2k/mguard/controller/*` signed by controller (RSA), chaining to root.
3. **Stream and producer content**
   `/ndn/md2k/mguard/dd40c/*`
   Allows:
   - `sha256` (digest) for encrypted DATA, CK, metadata
   - `rsa-sha256` for manifests, stream certs

KeyLocator must be a prefix of the Data name.

All validations ultimately chain back to `/ndn/md2k`.
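
The three consumer rules above, modelled in Python so the accept and reject decisions can be traced; this is an added example, not mGuard or ndn-cxx code. Assumptions: names are plain strings, the KeyLocator is given as the signer's identity name rather than a full key name, the `ISSUER` map is constructed from the signing chain on this page, rules 1 and 2 are read as pinning the signer to the AA and controller identities, and the stream rule does not distinguish packet kinds because the page gives no name patterns for them.

```python
ROOT = "/ndn/md2k"
# Model only: (rule id, Data prefix, allowed sig types, pinned signer; None = any prefix identity)
RULES = [
    ("aa", ROOT + "/mguard/aa", {"rsa-sha256"}, ROOT + "/mguard/aa"),
    ("controller", ROOT + "/mguard/controller", {"rsa-sha256"}, ROOT + "/mguard/controller"),
    ("stream", ROOT + "/mguard/dd40c", {"rsa-sha256", "sha256"}, None),
]

# Constructed issuer map (identity -> certificate signer) from the signing chain above.
ISSUER = {
    ROOT: ROOT,  # self-signed trust anchor
    ROOT + "/mguard/aa": ROOT,
    ROOT + "/mguard/controller": ROOT,
    ROOT + "/mguard/dd40c": ROOT,
    ROOT + "/mguard/dd40c/phone/gps": ROOT + "/mguard/dd40c",
}

def is_prefix(prefix, name):
    """Component-wise prefix test; str.startswith() would let /aa match /aaa."""
    p, n = prefix.strip("/").split("/"), name.strip("/").split("/")
    return n[:len(p)] == p

def chains_to_root(identity):
    """Follow issuers to the trust anchor; unknown identities and loops fail."""
    seen = set()
    while identity in ISSUER and identity not in seen:
        if identity == ROOT:
            return True
        seen.add(identity)
        identity = ISSUER[identity]
    return False

def validate(data_name, sig_type, key_locator=None):
    """Return (accepted, reason) for one Data packet's name and signature info."""
    rule = next((r for r in RULES if is_prefix(r[1], data_name)), None)
    if rule is None:
        return False, "no rule matches"
    rule_id, _, allowed, signer = rule
    if sig_type not in allowed:
        return False, f"{rule_id}: {sig_type} not allowed"
    if sig_type == "sha256":
        return True, f"{rule_id}: digest"  # integrity only, no key to chain
    if key_locator is None or not is_prefix(key_locator, data_name):
        return False, f"{rule_id}: KeyLocator is not a prefix of the Data name"
    if signer is not None and key_locator != signer:
        return False, f"{rule_id}: signer must be {signer}"
    ok = chains_to_root(key_locator)
    return ok, f"{rule_id}: " + (f"signed by {key_locator}" if ok else f"no chain to {ROOT}")
```

A stream identity that is missing from `ISSUER` (for example the gyroscope stream here) is rejected even when its name is a valid prefix, which is the failure a consumer sees if the producer does not serve that stream's certificate.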