PKI and Chains of Trust
1. The Hierarchical Model
A typical chain has three layers: a Root CA, one or more Intermediate CAs, and a leaf (end-entity) certificate. Root CAs never sign leaf certificates directly — if a root’s private key were compromised, every certificate it ever signed would be untrustworthy and replacing the root requires updates across every consumer that holds the trust anchor. Intermediates act as a buffer: a compromised intermediate can be revoked without touching the root.
flowchart TB
Root["Root CA<br/>HSM-backed, offline, rarely used"]
Int1["Intermediate CA"]
Int2["Intermediate CA"]
Leaf1["Leaf certificate<br/>end entity"]
Leaf2["Leaf certificate<br/>end entity"]
Leaf3["Leaf certificate<br/>end entity"]
Root --> Int1 --> Leaf1
Int1 --> Leaf2
Root --> Int2 --> Leaf3
classDef root fill:#fff7d6,stroke:#b58900
classDef inter fill:#eef3ff,stroke:#1f6feb
class Root root
class Int1,Int2 inter
2. How Verification Works
When a TLS connection is established, the server sends the leaf certificate and the intermediate chain — but not the root. The verifier reads each certificate’s Issuer field to find the parent, then verifies the parent’s signature using the parent’s public key. This continues until the chain terminates at a Root CA already present in the local trust store.
If the server omits intermediates, the verifier can fall back to the Authority Information Access (AIA) extension embedded in the leaf certificate, which contains a URL pointing to the missing parent.
3. Signature Verification
Each certificate contains a signature produced by the issuer’s private key over a hash of the certificate’s data. The verifier validates the signature using the issuer’s public key against its own hash of the certificate data. A match proves the issuer signed it.
The “decrypt with public key” mental model is RSA-specific. ECDSA and Ed25519 do not encrypt anything during verification — they verify the signature mathematically against the hash and the public key. ATOMx is algorithm-neutral at the protocol layer.
This is the same mechanism whether the issuer is a public web CA, a federal CA, the ATOMx Root CA, or a TPM chip manufacturer’s CA. The trust comes from where the verifier obtained the root public key, not from any property of the signature itself.
3.1 Signature Algorithms in ATOMx
| Use | Algorithm | Rationale |
|---|---|---|
| Aircraft secure-element keys, telemetry signing | ECDSA P-256 (SHA-256) | Baseline; broadly supported in TPM 2.0 and embedded TLS stacks |
| Authorization Package outer signature, capsule signature | ECDSA P-256 (SHA-256) baseline; Ed25519 evaluated for performance | RFC 5280 / RFC 8032 |
| Federal-system interoperability paths | RSA 2048 / 3072 when required by partner | Bridge only — not preferred for new code paths |
| Post-quantum migration | Hybrid signatures (classical + ML-DSA / FALCON) tracked, not yet adopted | NIST PQC standardization completing 2024–2026; ATOMx commits to hybrid before pure-PQ to preserve forward verifiability |
ATOMx never uses MD5 or SHA-1 in any cryptographic role. Algorithm identifiers are carried explicitly in every signed object (e.g., signature_algorithm in the Authorization Package Manifest) so verifier code does not depend on out-of-band agreement.
3.2 Certificate Format and Validity
| Property | Convention |
|---|---|
| Format | X.509v3 with extensions per RFC 5280 |
| Subject naming | DN with stable identifier in CN; full identity in SAN |
| Key Usage / EKU | Restricted per role (signing-only for endpoints, certSign+cRLSign for CAs) |
| Path-length constraint | Set on intermediates to prevent unintended sub-CA delegation |
| Policy OIDs | Used to scope intermediates to specific operational roles (Manufacturer / Operator / Pilot / Authority) |
| Name constraints | Applied to OEM intermediates limiting issuance to that OEM’s serial-number space |
| Validity (Root) | 20+ years (HSM-bound, offline) |
| Validity (Intermediate) | 5 years with overlapping rotation |
| Validity (Aircraft leaf) | Lifetime of aircraft, revocable; or short-lived (renewed at routine check-in) |
| Validity (Operator / Pilot) | 1 year |
| Validity (Authority person-bound) | Hours to days |
4. Trust Store
Root CA certificates are distributed out of band — via OS updates, browser updates, firmware images at manufacture, or sealed configuration files. This is the foundational anchor. It cannot be bootstrapped over the network; if it could, an attacker on the network could install themselves as the root.
In ATOMx:
| Anchor | Held By | Distribution |
|---|---|---|
| ATOMx Root public key | Aircraft secure elements, authority field devices, integrating systems | Burned in at provisioning; only updated via signed firmware update |
| TPM Chip Manufacturer Root CAs (Infineon, STMicroelectronics, NXP, Nuvoton, …) | Aircraft + authority devices that verify EK Certificates | Signed snapshot pulled during routine check-in; co-equal trust anchor with ATOMx Root for aircraft hardware identity (Aircraft Hardware Identity §2) |
| OEM Manufacturer Intermediate CAs | Aircraft + authority devices | Signed snapshot pulled during routine check-in |
| Federal Common Policy Root CA | Authority field devices and government systems | OS / image baseline |
| Public web CAs | Operator browsers (for portal access only) | OS / browser store |
AIA fallback is supported but not relied upon: aircraft and authority field devices in disconnected mode cannot fetch over the network, so all required intermediates are pre-distributed.
5. Root CA Operational Model
The ATOMx Root CA is held in a Hardware Security Module (HSM) — a tamper-resistant device that holds the private key and performs signing operations without ever exposing the key to the host. The Root HSM is kept offline. It is brought online only for infrequent, audited key ceremonies under dual control to sign new intermediate CAs.
Intermediate CAs are themselves HSM-backed but online, and sign end-entity certificates routinely.
For the specific intermediates ATOMx operates (Manufacturer, Operator, Pilot, Authority), see Disconnected Operations §2.2. For the OEM-side ceremony that issues Manufacturer intermediates, see Onboarding Manufacturers §3.
5.1 FIPS Posture and HSM Custody
| Property | Posture |
|---|---|
| HSM compliance | FIPS 140-3 Level 3 minimum for Root and intermediate CAs; Level 4 preferred for Root |
| Key escrow | None. ATOMx does not escrow private keys. Loss of an HSM is recovered through key rotation, not extraction. |
| Key generation | All private keys generated inside the HSM; key material never leaves in plaintext |
| Ceremony control | Dual-control / m-of-n quorum for Root operations; signed video and witness log; periodic external audit |
| Cross-signing / root rollover | New Root signed by previous Root during overlapping validity to allow fielded devices to migrate; trust-anchor refresh through signed firmware update |
| Certificate Transparency | Not used for ATOMx-internal hierarchy (closed PKI); evaluated for federation paths |
| Certificate pinning | Not used at the ATOMx Root layer (pinning would defeat rotation); used at integration boundaries where appropriate |
6. Revocation
6. Revocation
Four approaches are in play across ATOMx:
| Mechanism | Where Used | Tradeoff |
|---|---|---|
| Certificate Revocation List (CRL) | Manufacturer CAs, long-lived OEM certs | Distribution overhead; works offline |
| OCSP / OCSP stapling | Online integration paths (operator portal, partner APIs) | Real-time but online-only; not relied on by aircraft or field devices |
| Short-lived certificates renewed at every check-in | Aircraft mTLS sessions, operator sessions | No CRL pressure; requires connectivity to renew |
| Server-side cert deletion | Connected aircraft avatars (Mar 5, 2026 ARB decision) | Elegant for connected ops; revocation = delete server cert, avatar pod dies, client cert becomes useless. See Origins §3.12. |
Disconnected verifiers carry a signed CRL snapshot inside each Offline Capsule and refuse capsules referencing revoked credentials. See Disconnected Operations §3.1 and Threat Model §5–§6 for revocation-related threats.
7. Cross-References
- Pilot credentials and identity-proofing chains: Pilot Identity
- Aircraft TPM / EK / Assembly Certificate dual-chain model: Aircraft Hardware Identity
- The ATOMx-internal trust hierarchy and intermediate CAs: Disconnected Operations §2
Implementation Readiness — Open Questions
Each entry below identifies a decision not yet locked. Items marked (ADR) should be formalized as an Architecture Decision Record before implementation begins. Items marked (blocking) must be resolved before the relevant feature can be built.
| # | Question | Owner | ADR? | Blocking? |
|---|---|---|---|---|
| 1 | HSM vendor and product line for Root and Intermediate CAs (Thales Luna, Entrust nShield, AWS CloudHSM, YubiHSM2, GCP Cloud HSM) — affects FIPS 140-3 L3/L4 attainability, ceremony tooling, cost, and federal interop | Security + Engineering | Yes — “HSM Vendor Selection for ATOMx Root and Intermediate CAs” | Yes |
| 2 | Exact X.509 certificate profiles per role (Aircraft EK, Aircraft Assembly, Operator, Pilot, Authority, Capsule-signing) — extension set, critical flags, SAN structure, serial-number scheme | Engineering | Yes — “ATOMx X.509 Certificate Profiles” | Yes |
| 3 | Policy OID arc allocation — register a private enterprise number (PEN) under IANA and define sub-arcs for Manufacturer / Operator / Pilot / Authority assurance levels | Engineering + Legal | Yes — “ATOMx Policy OID Arc and Assurance Levels” | Yes |
| 4 | EKU strings — reuse standard OIDs (id-kp-clientAuth, id-kp-serverAuth) vs. mint ATOMx-specific EKUs for capsule signing, telemetry signing, authority issuance | Engineering | Yes — “Extended Key Usage Strategy for ATOMx” | Yes |
| 5 | CRL distribution mechanics for disconnected verifiers — snapshot cadence, signing key, max size, delta-CRL use, CDP URI scheme inside Offline Capsules | Engineering | Yes — “CRL Distribution and Freshness for Offline Capsules” | Yes |
| 6 | OCSP responder operations — hosting (in-cluster vs. managed), responder cert lifecycle, stapling enforcement on portal/API edges, fallback when responder is unreachable | Engineering | Yes — “OCSP Responder Architecture and SLOs” | No |
| 7 | Post-quantum migration timeline — when hybrid ECDSA+ML-DSA becomes mandatory for new issuance, sunset date for pure-classical leaves, aircraft-firmware rollout dependency | Security + Engineering | Yes — “Post-Quantum Hybrid Signature Adoption Plan” | No |
| 8 | Root CA rollover mechanics — overlap window length, cross-sign direction, firmware update gating, behavior for devices that miss the rollover window | Engineering | Yes — “ATOMx Root CA Rollover Procedure” | Yes |
| 9 | Cross-signing strategy with Federal Common Policy and partner PKIs — which paths get bridged, bridge-CA vs. cross-cert, name-constraint scope | Security + Legal + External | Yes — “Federal and Partner PKI Cross-Signing” | No |
| 10 | Certificate Transparency stance for federation paths — submit to public logs, run a private log, or none; tradeoffs vs. closed-PKI privacy posture | Security | Yes — “Certificate Transparency Posture for ATOMx” | No |
| 11 | Trust-anchor refresh mechanism on fielded aircraft and authority devices — signed-firmware-only vs. signed-bundle-over-check-in, rollback protection, anti-downgrade | Engineering | Yes — “Trust Anchor Refresh and Anti-Downgrade” | Yes |
| 12 | Name-constraint enforcement details for OEM intermediates — permittedSubtrees encoding for serial-number namespaces, verifier behavior on legacy stacks that ignore name constraints | Engineering | Yes — “Name Constraint Enforcement for OEM Intermediates” | No |
| 13 | Key ceremony procedure documents — script, witness list, video retention, m-of-n quorum size, off-site storage of activation materials, dry-run cadence | Security + Legal | No (operational runbook, not architectural) | Yes |
| 14 | Audit and inspection cadence — internal audit interval, external WebTrust-equivalent audit applicability, federal audit obligations under contract vehicles | Security + Legal | No (governance policy) | No |
| 15 | CA compromise recovery playbook — detection triggers, emergency revocation broadcast path to disconnected fleet, re-issuance prioritization, communications plan | Security + Engineering | Yes — “CA Compromise Detection and Recovery” | Yes |