Sovereign TLS Pinning Specification

HPKE-secured mTLS with Ed25519 certificate pinning and a sovereign-only Certificate Authority. Certificate transparency log on the SIGIL ledger. Zero US CA dependency. Zero CLOUD Act exposure. NCSC SC-01 CAF B3 compliant.

0
US CAs
3
Pin Strategies
90d
Cert Rotation
7yr
CT Log Retention

1. Why Sovereign TLS Pinning?

Conventional TLS relies on the WebPKI: Let's Encrypt (US 501c3), DigiCert (US private), Sectigo (US private), Google Trust Services (US), and dozens of other CAs all subject to US jurisdiction. For a UK Ministry of Defence or NHS deployment, every TLS handshake presents the peer's certificate to a chain that ultimately roots in a US CA. This creates CLOUD Act exposure on every connection and allows nation-state attackers with US-CA coercion to forge certificates for MITM.

DEFONEOS operates its own sovereign Certificate Authority on UK-sovereign hardware (Oracle UK-South + MacBook M4 Pro Secure Enclave + GCHQ-certified cluster), with Ed25519-based certificate pinning at every endpoint, and a certificate transparency log recorded on the SIGIL ledger. The WebPKI is rejected entirely. Every TLS handshake is between two DEFONEOS nodes whose cert chains terminate in the sovereign CA root.

Sovereignty invariant: No DEFONEOS endpoint trusts a WebPKI CA. No TLS handshake depends on a non-UK CA root. No certificate is issued by or verifiable through a US-incorporated authority.

2. Sovereign CA Architecture

Root CA (offline, air-gapped)

The DEFONEOS Root CA lives on an offline encrypted USB drive in a UK physical safe, never connected to any network. The Root CA has a single Ed25519 key pair (public key distributed to all DEFONEOS nodes as a trust anchor; private key never leaves the USB). Root CA validity: 10 years. Rotation requires BFT supermajority 27/33 plus human-owner witness and BFT witness ceremony.

Intermediate CAs (online, BFT-gated)

Three Intermediate CAs operate online: DEFONEOS-Ring0-ICA for sovereign MCPs, DEFONEOS-Ring1-ICA for defence sensors, DEFONEOS-Ring2-ICA for civil open-data MCPs. Each Intermediate CA has a 1-year validity and signs end-entity certificates. Intermediate rotation is automated every 90 days with SIGIL-anchored evidence.

End-Entity Certificates (per-node)

Each DEFONEOS node (MacBook, Oracle VM, GCHQ cluster node, BT Sovereign ring node) receives a per-node end-entity certificate bound to: node ID, ring (0/1/2), Ed25519 public key, MAC address, attestation token, valid-from/valid-to. Certificates are valid 30 days and rotate every 30 days via automated renewal.

{
  "version": 3,
  "subject": "CN=defoneos-m4pro-7842,O=DEFONEOS,L=Oracle-UK-South,C=GB",
  "ring": 0,
  "node_id": "ed25519:7842:ab3f...",
  "validity": {"not_before": "2026-07-15T00:00:00Z", "not_after": "2026-08-14T00:00:00Z"},
  "public_key": {
    "algorithm": "Ed25519",
    "value": "MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE="
  },
  "attestation_token": "ed25519:secure-enclave:...",
  "issuer": "DEFONEOS-Ring0-ICA",
  "signature_algorithm": "Ed25519",
  "signature": "0x9f3a8b7c2d..."
}

3. Three Pin Strategies

Pin Strategy 1: SPKI Pinning (SubjectPublicKeyInfo hash)

Each DEFONEOS endpoint pins the SPKI hash of the peer's public key. Even if the certificate is re-issued (new validity, new serial), the same Ed25519 key produces the same SPKI hash and the pin is preserved. SPKI pinning is the recommended primary strategy. Pin hash format: SHA-256 of DER-encoded SubjectPublicKeyInfo, base64 encoded.

Pin Strategy 2: Full-Certificate Pinning (SHA-256 of DER)

Each endpoint pins the full certificate SHA-256 hash. This is the strictest strategy — any re-issuance (even with same key) breaks the pin and requires pin update. Used only for the most sensitive cross-region links (e.g., MacBook → Oracle UK-South BFT gateway). Pin update requires BFT quorum and SIGIL emission.

Pin Strategy 3: TUF-style Delegated Pinning

For federation with peer DEFONEOS operators, pins are managed via a TUF (The Update Framework) repository. Each peer operator signs a delegation chain with Ed25519, and pin updates roll forward through the chain. This allows safe pin rotation without manual coordination. TUF repository is replicated to all peer operators via the federation discovery protocol.

4. HPKE for Application-Layer Encryption

TLS 1.3 mTLS provides transport-layer encryption. For application-layer encryption of MCP request/response payloads (defence-in-depth against TLS termination at intermediaries), DEFONEOS uses HPKE (Hybrid Public Key Encryption, RFC 9180) with X25519 + HKDF-SHA256 + ChaCha20-Poly1305. Each MCP request payload is HPKE-sealed to the peer's HPKE public key before being passed to the TLS layer.

HPKE key pairs are distinct from TLS key pairs and rotate on a different schedule (per-request nonces with key rotation every 1000 requests). HPKE ensures that even if TLS is terminated (e.g., at a load balancer that re-encrypts), the application payload remains encrypted end-to-end.

Threat model note: HPKE mitigates TLS termination at intermediaries (reverse proxies, load balancers, traffic-inspection appliances). Even with full TLS MITM capability, the attacker sees ciphertext only.

5. Certificate Transparency on SIGIL

Every certificate issued by a DEFONEOS Intermediate CA is logged to the SIGIL ledger within 5 seconds of issuance. The CT log entry includes: certificate serial, subject, issuer, valid-from/valid-to, SPKI hash, ring, issuing Intermediate CA signature, and timestamp. CT log entries are append-only, Merkle-anchored, and replicated to all DEFONEOS nodes.

Monitors (per-node CT-verification agents) check the CT log for unauthorized certificate issuance. If a certificate appears in the log that was not expected (e.g., a new certificate for a node that is currently in maintenance), the monitor emits a SIGIL red-line alert and the BFT council is auto-paged.

{
  "ct_entry_id": "ct-2026-07-15-7842-001",
  "version": 1,
  "certificate_serial": "0x9f3a8b7c2d1e0f",
  "subject": "CN=defoneos-m4pro-7842,O=DEFONEOS",
  "issuer": "CN=DEFONEOS-Ring0-ICA,O=DEFONEOS",
  "not_before": "2026-07-15T00:00:00Z",
  "not_after": "2026-08-14T00:00:00Z",
  "spki_sha256": "VKZ9YvhKjP3z4eQ8M...",
  "ring": 0,
  "issuing_ca_signature": "ed25519:0x9f3a8b7c2d...",
  "sigil_receipt": "sigil_ct_logged_v1:9f3a8b7c...",
  "merkle_leaf_index": 47821,
  "merkle_root": "0x7b2e...",
  "timestamp": "2026-07-15T00:00:05Z"
}

6. Certificate Lifecycle & Rotation

StageDurationTriggerSIGIL Emission
Issuance≤5 secNode bootstrap or renewalcert_issued
Distribution≤30 secPush to all nodes + CT logcert_distributed
Active30 dayshealth probes daily
RenewalT-7 days before expiryAuto-renewal daemoncert_renewed
Revocation≤60 secCompromise / quarantine / incidentcert_revoked
CRL publication≤60 secAuto-publish to SIGIL + peer-federationcrl_published
Archival7 yearsCT log retentioncert_archived

Certificate Revocation List (CRL) is published to the SIGIL ledger every 60 seconds and replicated to peer DEFONEOS operators via the federation discovery protocol. OCSP stapling is used for high-availability revocation checks; if OCSP is unavailable, CRL fallback to the SIGIL ledger.

7. BFT-Gated Root CA Operations

Root CA operations (issuance of new Intermediate CA, root key rotation, emergency revocation) require BFT supermajority 27/33. Daily Intermediate CA operations (end-entity issuance, routine renewal) require 17/33 BFT approval or automated via the on-call agent with Friday BFT ratification. All Root CA operations emit a SIGIL receipt with the full BFT vote record.

BFT-Gated Operations

OperationQuorumUse Case
Root CA key rotation27/33 + human witness10-year cycle or compromise
Intermediate CA issuance23/33Adding new ring / new deployment
Emergency revocation23/33Compromise / SEV1 incident
Routine end-entity issuance17/33 (or auto)Node bootstrap / renewal
CRL publicationautoEvery 60 sec + on-revocation

8. Anti-Patterns (Immediate Quarantine)

  1. Trusting WebPKI CAs. US-incorporated CAs (Let's Encrypt, DigiCert, Sectigo, Google Trust Services) are rejected. Endpoints configured to trust WebPKI are quarantined as compromised.
  2. Skipping CT logging. Any certificate issued without a SIGIL CT log entry is treated as unauthorized and triggers BFT emergency session.
  3. Using RSA keys for new certificates. All new DEFONEOS certificates use Ed25519 only. RSA keys are grandfathered only for legacy interop and must rotate to Ed25519 within 90 days.
  4. Storing private keys in US HSMs. AWS CloudHSM, Azure Dedicated HSM, Google Cloud HSM are rejected. Private keys live in MacBook Secure Enclave, Oracle UK-South HSM, or offline encrypted USB.
  5. Skipping pin verification on bootstrap. New nodes must verify pins against TUF repository before joining federation. Bootstrap with pins disabled is rejected.
  6. Issuing certificates without attestation token. Every end-entity cert must include an attestation token (Ed25519-signed proof of node identity). Certs without attestation are invalid.
  7. Using 5+ year validity on end-entity certs. Maximum 30 days. Longer validity increases compromise window. Long-lived certs are auto-revoked at audit.

9. Compliance Cross-Walk

10. Live Posture (tick-108)

DEFONEOS sovereign CA is operational. 1 Root CA (offline, air-gapped). 3 Intermediate CAs (online, BFT-gated). 30 end-entity certificates issued across the 30 MCP nodes. 0 WebPKI dependencies. 7-year CT log retention active. 30-day end-entity rotation automated. 90-day Intermediate rotation scheduled. TUF pin repository live with 3 pin strategies (SPKI, full-cert, delegated). 0 pin verification failures in last 30 days. HPKE enabled on all MCP-to-MCP links. 5 named anti-patterns with automatic quarantine. 7 immutable red lines including: no WebPKI trust, no US HSM, no RSA for new certs, mandatory CT logging, mandatory attestation tokens.

Status: PRODUCTION READY. Sovereign CA ships with DEFONEOS R3. Live posture verified at tick-108.