RFC-001 §1: operator / organization identity certs.
Two cert kinds, both Ed25519 signatures over the UTF-8 bytes of a DID:

- `op_cert` — operator’s root key signs the session DID, binding the session under the operator. Carried on the session’s agent card alongside `op_did`.
- `member_cert` — org’s root key signs an operator’s `op_did`, binding the operator into the org. Carried on the session’s agent card alongside the operator’s `op_did`, as an entry in `org_memberships[]`.
Both certs are leaf-level signatures: a single key-check verifies
one link. The trust chain session_did → op_did → org_did is two
independent verifications, not a chained walk. This matches the
NATS / OIDF / Keybase convergence noted in the RFC’s prior-art
analysis (§Prior art): membership = signed statement, not roster
lookup.
Verification is cryptographic only. Whether a pinned-and-verified
op_did or org_did actually grants ORG_VERIFIED is a separate
policy decision in trust.rs — gated on attestation status (DNS-TXT
or SSO, see amendments) and per-org operator opt-in (filtering
amendment §3). The split keeps the cryptographic floor honest:
“the cert verifies” is a fact about bytes; “we accept this cert as
authority” is a fact about operator policy.
Enums

Functions

- sign_did_cert - Sign `payload_did` with `signing_key`. Returns the base64 cert ready to drop into `op_cert` or `member_cert`.
- sign_succession_cert - Sign a key-rotation succession statement (RFC-001 §T19/§T20): the OLD key attests “`old_did` hands off to `new_did`”. Because a wire DID commits to its key, rotating the key mints a new DID — this cert is what lets a peer who pinned `old_did` follow the handoff to `new_did`. The new key is not part of this signature; the verifier separately checks that `new_pubkey` commits to `new_did`.
- verify_member_cert - Verify `member_cert` was produced by `org_pubkey` over the UTF-8 bytes of `op_did`. Caller must independently ensure `org_pubkey` is the correct key for the claimed `org_did` (typically by checking the wireup-registered org attestation, RFC-001 §2).
- verify_op_cert - Verify `op_cert` (b64 Ed25519 signature) was produced by `op_pubkey` over the UTF-8 bytes of `session_did`. Caller must independently ensure `op_pubkey` is the correct key for the claimed `op_did` (typically by looking it up in a pinned operator record or by pulling it from the wireup registry’s `GET /v1/op/<op_did>` endpoint).
- verify_succession_cert - Verify a succession cert: `old_pubkey` (which the caller must independently confirm commits to `old_did`) signed the canonical `old_did → new_did` handoff for `kind`. A cert for a different `new_did`, `kind`, or signer fails.
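The two leaf checks and the succession handoff described above, as an added example written in Go against the standard library's `crypto/ed25519`. It is not the crate's own Rust code. Several details are assumptions because the page does not specify them: DIDs are encoded as `did:example:` plus the base64url public key (so that "a DID commits to its key" is a string comparison), certs use standard base64, the canonical succession statement is a newline-joined `kind`/`old_did`/`new_did` tuple, and the `agentCard`/`membership` struct names are invented for the demo. The point the code makes is the one the page makes: session → op and op → org are two independent single-key verifications, and binding a public key to the DID it claims is a separate step the verifier must do itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// didFromKey: a DID that commits to its Ed25519 public key. The did:example
// method and base64url layout are an assumption for this example only.
func didFromKey(pub ed25519.PublicKey) string {
	return "did:example:" + base64.RawURLEncoding.EncodeToString(pub)
}

// keyCommitsToDID is the binding check every verifier runs before trusting a
// pinned or registry-fetched key for a claimed DID.
func keyCommitsToDID(pub ed25519.PublicKey, did string) bool {
	return didFromKey(pub) == did
}

// signDIDCert mirrors sign_did_cert: sign the UTF-8 bytes of payloadDID,
// return base64 (standard alphabet assumed) ready for op_cert / member_cert.
func signDIDCert(signingKey ed25519.PrivateKey, payloadDID string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(signingKey, []byte(payloadDID)))
}

// verifyDIDCert is the single leaf check behind verify_op_cert and
// verify_member_cert: one key, one signature, one DID, no chain walk.
func verifyDIDCert(cert string, signerPub ed25519.PublicKey, payloadDID string) error {
	sig, err := base64.StdEncoding.DecodeString(cert)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("cert is not a base64 Ed25519 signature")
	}
	if !ed25519.Verify(signerPub, []byte(payloadDID), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// successionStatement: the canonical bytes the OLD key signs. Layout is an
// assumption; the page only says it covers old_did, new_did and kind.
func successionStatement(kind, oldDID, newDID string) []byte {
	return []byte(strings.Join([]string{"succession", kind, oldDID, newDID}, "\n"))
}

func signSuccessionCert(oldKey ed25519.PrivateKey, kind, oldDID, newDID string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(oldKey, successionStatement(kind, oldDID, newDID)))
}

// verifySuccessionCert: the new key is NOT covered by the signature, so the
// new_pubkey -> new_did commitment is checked here as a separate step.
func verifySuccessionCert(cert string, oldPub ed25519.PublicKey, oldDID string,
	newPub ed25519.PublicKey, newDID, kind string) error {
	if !keyCommitsToDID(oldPub, oldDID) {
		return errors.New("old_pubkey does not commit to old_did")
	}
	if !keyCommitsToDID(newPub, newDID) {
		return errors.New("new_pubkey does not commit to new_did")
	}
	sig, err := base64.StdEncoding.DecodeString(cert)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed succession cert")
	}
	if !ed25519.Verify(oldPub, successionStatement(kind, oldDID, newDID), sig) {
		return errors.New("succession signature does not verify (wrong new_did, kind or signer)")
	}
	return nil
}

// agentCard holds what the page says the card carries; names are invented here.
type membership struct{ OrgDID, MemberCert string }
type agentCard struct {
	SessionDID, OpDID, OpCert string
	OrgMemberships            []membership
}

// verifyChain: two independent verifications. The caller supplies opPub and
// orgPub from its pinned records / registry; both are bound to their DIDs first.
func verifyChain(card agentCard, opPub, orgPub ed25519.PublicKey, orgDID string) error {
	if !keyCommitsToDID(opPub, card.OpDID) {
		return errors.New("op_pubkey does not commit to op_did")
	}
	if err := verifyDIDCert(card.OpCert, opPub, card.SessionDID); err != nil {
		return fmt.Errorf("op_cert: %w", err)
	}
	if !keyCommitsToDID(orgPub, orgDID) {
		return errors.New("org_pubkey does not commit to org_did")
	}
	for _, m := range card.OrgMemberships {
		if m.OrgDID == orgDID {
			return verifyDIDCert(m.MemberCert, orgPub, card.OpDID) // org key over op_did
		}
	}
	return errors.New("no org_memberships entry for org_did")
}

func main() {
	orgPub, orgKey, _ := ed25519.GenerateKey(rand.Reader)
	opPub, opKey, _ := ed25519.GenerateKey(rand.Reader)
	sessPub, _, _ := ed25519.GenerateKey(rand.Reader)
	orgDID, opDID, sessDID := didFromKey(orgPub), didFromKey(opPub), didFromKey(sessPub)
	card := agentCard{SessionDID: sessDID, OpDID: opDID, OpCert: signDIDCert(opKey, sessDID),
		OrgMemberships: []membership{{OrgDID: orgDID, MemberCert: signDIDCert(orgKey, opDID)}}}
	fmt.Println("chain verifies:", verifyChain(card, opPub, orgPub, orgDID) == nil)
}
```

Passing `verifyChain` does not by itself grant anything: as the page says, whether a verified `op_did` or `org_did` is accepted as authority is a policy decision layered on top, and this code stops at the cryptographic floor.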