Sovereign PKI

Sovereign PKI (RFC-0016)

Mission: Eliminate Certificate Authorities from all internal authentication. Trust is computed, not delegated.

Libertaria replaces the X.509 trust chain with three mechanisms: DID-authenticated Noise sessions, QVL scalar trust computation, and a compatibility shim for legacy TLS endpoints. No CA. No chain. No rent.

Architecture

┌─────────────────────────────────────────────────────┐
│  LEGACY WORLD (Browsers, API Clients)               │
│  TLS + X.509 at boundary ONLY                       │
├────────────┬────────────────────────────────────────┤
│  Option A  │  Option B                               │
│  ACME cert │  Self-issued X.509                      │
│  (browser) │  (API clients)                          │
├────────────┴────────────────────────────────────────┤
│  ═══════ BOUNDARY ═══════════════════════════════    │
│  TLS terminates here. X.509 stops here.              │
├─────────────────────────────────────────────────────┤
│  SOVEREIGN MESH                                      │
│                                                      │
│  ┌──────────────────┐  ┌─────────────────────────┐  │
│  │  Noise XX         │  │  QVL Trust Graph        │  │
│  │  DID-Authenticated│  │  Scalar trust (0.0-1.0) │  │
│  │  X25519 static =  │  │  A* pathfinding         │  │
│  │  SoulKey X25519   │  │  Temporal decay          │  │
│  └──────────────────┘  │  Bellman-Ford betrayal   │  │
│                         └─────────────────────────┘  │
│                                                      │
│  ┌──────────────────┐  ┌─────────────────────────┐  │
│  │  Revocation       │  │  Larval Identity        │  │
│  │  Gossip (fast)    │  │  Bootstrap vouches      │  │
│  │  QVL decay (sure) │  │  3 vouches → graduated  │  │
│  └──────────────────┘  └─────────────────────────┘  │
└─────────────────────────────────────────────────────┘

The Three Moves

Move 1: DID-Authenticated Noise Sessions

Every inter-node connection is a Noise XX handshake. Both sides prove DID ownership via SKH-derived X25519 keys. The critical binding:

The Noise static key MUST be the X25519 key from the presenting DID’s current SoulKey.

Post-handshake, the verifier resolves the peer’s DID Document and checks the X25519 public key matches the Noise static key. Mismatch → connection dies.

Rejection criteria:

Error	Condition
`PeerKeyNotInDocument`	Remote static key not in peer’s DID X25519 methods
`PeerDeactivated`	Peer’s DID has been deactivated (INV-6)
`NoKeyAgreementMethods`	Peer has no X25519 methods registered

Scope: ALL inter-node transport. Capsule-to-capsule, Chapter federation, relay circuits, gossip peering, service discovery. Zero exceptions.

Move 2: QVL Replaces the Trust Chain

CAs answer binary: trusted or not. QVL answers scalar: how much do I trust this, from my position in the graph?

Authorization flow:

Noise handshake completes, DID verified
Lookup peer in local CompactTrustGraph
Direct edge? → Authorize at edge level
No direct edge? → A* pathfinding (max 6 hops)
No path? → Larval Identity bootstrap
Score subject to temporal decay

Trust thresholds are per-node. Each operator sets their own policy – gossip relay at 0.2, messaging at 0.4, value transfer at 0.8. No global authority dictates trust levels.

Move 3: Compatibility Shim

For endpoints that must speak TLS to the legacy world:

Mode	Use Case	How
Option A	Browser-facing HTTPS	ACME/Let’s Encrypt cert, domain bound to DID via `serviceEndpoint`
Option B	API clients resolving `did:sovereign-skh1:`	Self-issued X.509, `SubjectAltName: URI:did:sovereign-skh1:{did}`

Both are boundary-only. Inside the mesh, X.509 never appears.

Distributed Revocation

Two independent mechanisms – belt and suspenders:

Gossip (Fast Path)

A pki_revoke (0x0733) QuasarVector distributed via Plumtree. Gossip topic: $DID/{did}/pki/revoke (retained).

Requirements: 2+ witness counter-signatures for full revocation. Self-revocation (voluntary) is immediate – no witnesses needed.

QVL Decay (Immune Response)

When a pki_revoke vector is processed:

Inject RiskEdge with risk = -0.5
Bellman-Ford detects negative cycle → SlashSignal
Trust score decays toward zero

Even without gossip delivery, graph updates degrade the score through independent paths.

Revocation Window

Mechanism	Latency	Coverage
OCSP (CA)	1-24 hours	Depends on responder
CRL (CA)	1-7 days	Depends on distribution
Revocation Gossip	~3 seconds	90%+ mesh
QVL Decay	30-120 seconds	100% (convergence)

Larval Identity

Cold-start solution for new nodes with zero trust history.

Property	Value
Vouch type	`trust_grant` (0x0730) with `first_contact = true`
Trust depth	Direct only (no transitivity)
Visibility	Bilateral (only voucher and vouchee see it)
TTL	48 hours
Graduation	3 independent vouches from distinct DIDs
Rate limit	10 msgs/min while larval
Anti-Sybil	Argon2 entropy stamp (difficulty ≥ 16)

Wire Format

New VectorTypes

pki_revoke = 0x0733   // Key or DID revocation event
pki_attest = 0x0734   // "I verified this DID's key binding"

RevocationVector (CBOR)

Field	Size	Description
target_did	32B	DID being revoked
target_key_id	32B	Specific key (zeros = full DID)
reason	1B	KeyCompromise / DIDCompromise / Voluntary / SlashEvidence
evidence_hash	32B	BLAKE3 of evidence payload
issuer_did	32B	Who is revoking
issuer_signature	64B	Ed25519
counter_signatures	N×64B	Witness co-signs
timestamp	12B	SovereignTimestamp

Total: ~205B payload + ~25B CBOR framing + 64B per counter-signature.

Kenya Rule Compliance

Component	RAM	Binary Delta	Cloud	Kenya?
DID-Auth (Move 1)	<1 MB	+0 KB	None	Yes
QVL Trust (Move 2)	<2 MB	+0 KB	None	Yes
Revocation Gossip	<500 KB	+3 KB	None	Yes
X.509 Bridge	<200 KB	+5 KB	None	Yes
ACME Client	<1 MB	+10 KB	ACME	Opt-in

Specifications

RFC-0016 – Sovereign PKI: Certificate Authority Elimination Protocol
SPEC-016 – Sovereign PKI Design Specification
RFC-0015 – Transport Skins (Noise integration)
RFC-0120 – Quasar Vector Lattice
RFC-0140 – Libertaria SSI Stack