A question came up in response to the Capability Trees proposal: doesn't requiring live PDS resolution for delegation verification run against the grain of DASL? DASL's self-certification property means data can be verified against its content hash regardless of where it came from. Capability Trees breaks that; the PDS is the authoritative source, and location matters.

This is a fair observation. But I think it mistakes a tool for a principle, and in the case of delegations specifically, self-certification is not just unhelpful. It actively undermines sovereignty.

Here's why. A self-certifying delegation can be verified without the delegator's participation. That sounds convenient. But it means a delegation can be exercised after the delegator has revoked it, as long as the verifier hasn't received the revocation yet. To patch that hole, you need revocation records: explicit, actively propagated signals that a permission no longer exists. You are now counting on those records being distributed correctly, reaching every verifier before the capability is exercised. That is not a minor implementation detail. It is a new class of infrastructure, a new failure mode, and a new attack surface.

DASL introduces this complexity. The self-certification property shifts the burden of proof: you have permission until explicitly told you don't. That is a fail-open default. If revocation propagation fails (e.g. network partition, delayed firehose delivery, a verifier that hasn't caught up), the capability still works. The system fails by granting access it shouldn't.

Capability Trees inverts this. You don't have permission until you can verify you do, right now, from the source. If the PDS is unreachable, verification fails. Access is denied. The system fails by denying access it might have granted, which is the right failure mode for a permission system.

Offline verification is a legitimate need, and Capability Trees supports it through verified snapshots with expiry. But offline is the exception that requires an explicit escape hatch, not the default. The default should protect the delegator.
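
The two defaults under a network partition, as an added sketch that is not code from the Capability Trees proposal or from DASL. `ToyPDS`, `Snapshot`, `verify_self_certifying` and `verify_live` are hypothetical names, the delegation id is constructed sample data, and signature checking is reduced to a boolean.

```python
from dataclasses import dataclass, field

class PDSUnreachable(Exception):
    """Raised when the delegator's PDS cannot be contacted."""

@dataclass
class ToyPDS:  # hypothetical stand-in for the delegator's PDS
    delegations: set = field(default_factory=set)
    reachable: bool = True

    def has(self, delegation_id: str) -> bool:
        if not self.reachable:
            raise PDSUnreachable(delegation_id)
        return delegation_id in self.delegations

@dataclass
class Snapshot:  # hypothetical verified snapshot with expiry
    delegation_id: str
    expires_at: float

def verify_self_certifying(delegation_id, signature_ok, revocations_seen):
    # Fail-open: a valid signature is honoured until a revocation record arrives.
    return signature_ok and delegation_id not in revocations_seen

def verify_live(delegation_id, pds, now, snapshot=None, allow_offline=False):
    # Fail-closed: only the PDS answering right now grants access.
    try:
        return pds.has(delegation_id)
    except PDSUnreachable:
        # Explicit escape hatch: an unexpired snapshot, and only if opted in.
        return bool(allow_offline and snapshot
                    and snapshot.delegation_id == delegation_id
                    and now < snapshot.expires_at)

def partition_scenario():
    pds = ToyPDS(delegations={"deleg-1"})          # constructed sample data
    snap = Snapshot("deleg-1", expires_at=100.0)   # taken while the grant was live
    pds.delegations.discard("deleg-1")             # delegator revokes at the source
    pds.reachable = False                          # partition: verifier hears nothing
    out = {
        "self_certifying": verify_self_certifying("deleg-1", True, set()),
        "live": verify_live("deleg-1", pds, now=50.0),
        "snapshot_fresh": verify_live("deleg-1", pds, 50.0, snap, allow_offline=True),
        "snapshot_expired": verify_live("deleg-1", pds, 150.0, snap, allow_offline=True),
    }
    pds.reachable = True                           # partition heals
    out["live_after_heal"] = verify_live("deleg-1", pds, now=60.0)
    return out

if __name__ == "__main__":
    print(partition_scenario())
```

In this model the fresh snapshot still honours the revoked delegation until `expires_at`, so the expiry is what bounds how long a stale grant can be exercised offline.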

Data sovereignty is ATProto's foundational commitment. DASL serves that commitment for content — portable, verifiable, migration-friendly. But for delegations, self-certification works against the owner's ability to revoke. The PDS is the source of truth because the user is sovereign over their data. When DASL and sovereignty point in different directions, sovereignty wins.

DASL is a good tool. It shouldn't be a golden hammer.