It would be part of a defense-in-depth mechanism. I am working on a secure compute node inventory solution where each potential node is a DAML party, but also each node generates its own RSA key pair for encrypting data in transit and signing payloads. The public key is then registered in the DAML contract. A node would not be allowed to come up if not authorized by the DAML contract. Each node would then send status updates and life beat messages to the contract authenticated as its own party.
These compute nodes run highly sensitive workloads, so as a second layer of defense I was thinking that with each life beat and status update, the node could also send the signatures of its identity (party name) and the contract could verify the signature.
This would protect against the situation where a node’s identity info is compromised and the attacker manages to craft an imposter JWT. Since the RSA key pair is only generated in memory in the compute node and it is regularly rotated, it would be much more difficult for the attacker to also break this 2nd defense layer.
It’s OK if this is not available; there are other ways to implement this 2nd layer of defense.
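
The second layer described in the post above, as an added Go example that is not part of the original post and is not DAML code: a node signs each heartbeat with its in-memory RSA key, and the verifier checks it against the registered public key. The message shape, the function names, the `Seq` replay counter and the choice of RSA-PSS with SHA-256 are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Heartbeat is a hypothetical message shape; the post only says the party name is signed.
type Heartbeat struct {
	Party string
	Seq   uint64 // assumption: a counter, so a captured signature cannot be replayed
	Sig   []byte
}

// NewNodeKey creates the key pair in memory only; nothing is written to disk.
func NewNodeKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest binds party name and counter; the length prefix keeps the encoding unambiguous.
func digest(party string, seq uint64) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d:%s:%d", len(party), party, seq)))
	return h[:]
}

// SignHeartbeat runs on the compute node.
func SignHeartbeat(key *rsa.PrivateKey, party string, seq uint64) (Heartbeat, error) {
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest(party, seq), nil)
	return Heartbeat{Party: party, Seq: seq, Sig: sig}, err
}

// VerifyHeartbeat runs wherever the registered public key is held. It rejects
// stale counters and any signature not made by the registered key.
func VerifyHeartbeat(pub *rsa.PublicKey, lastSeq uint64, hb Heartbeat) bool {
	if hb.Seq <= lastSeq {
		return false
	}
	return rsa.VerifyPSS(pub, crypto.SHA256, digest(hb.Party, hb.Seq), hb.Sig, nil) == nil
}

func main() {
	node, _ := NewNodeKey()  // registered key (constructed sample)
	other, _ := NewNodeKey() // a key that was never registered
	good, _ := SignHeartbeat(node, "node-a", 1)
	forged, _ := SignHeartbeat(other, "node-a", 2)
	fmt.Println("genuine:", VerifyHeartbeat(&node.PublicKey, 0, good))
	fmt.Println("wrong key:", VerifyHeartbeat(&node.PublicKey, 1, forged))
	fmt.Println("replayed:", VerifyHeartbeat(&node.PublicKey, 1, good))
}
```

A signature over the party name alone is the same on every message, so anyone who captures one can resend it; the counter is what makes each heartbeat signature single-use.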