newton requires two separate signatures before encrypted policy data can be decrypted during evaluation.
a user Ed25519 signature binds the user's identity to the specific data references and intent being evaluated. an application Ed25519 signature attests to user consent, confirming the application authorized this specific policy evaluation context.
both have to be present. neither is sufficient alone.
the design is meant to prevent unauthorized use of credentials across policy contexts. a credential encrypted for one application's newton evaluation can't be silently reused for a different application's evaluation even if the underlying data is identical, because the application signature would be wrong for the new context.
what i keep sitting with is what this dual requirement means in a scenario where the user and the application are effectively the same entity, an AI agent managing its own wallet and initiating its own transactions. whether the dual signature still provides meaningful separation of authorization in that case is something newton's whitepaper doesn't address directly.
#Newt @NewtonProtocol $NEWT
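A minimal sketch of the dual-signature gate described above, added here as an illustration; it is not Newton's code and not from the whitepaper. The context fields (`appId`, `policyId`, `dataRefs`, `intent`), the JSON encoding, the role prefix and all function names are assumptions, and the keys and contexts are constructed sample values.

```javascript
const crypto = require('node:crypto');

// Hypothetical context layout; the post does not give Newton's real message format.
function encodeContext(ctx) {
  // Fixed field order so signer and verifier process identical bytes.
  return Buffer.from(JSON.stringify([ctx.appId, ctx.policyId, ctx.dataRefs, ctx.intent]));
}

// Assumption: a role prefix separates user signatures from application signatures.
function signContext(privateKey, role, ctx) {
  return crypto.sign(null, Buffer.concat([Buffer.from(role + ':'), encodeContext(ctx)]), privateKey);
}

function verifyRole(publicKey, role, ctx, sig) {
  if (!Buffer.isBuffer(sig)) return false; // a missing signature never verifies
  return crypto.verify(null, Buffer.concat([Buffer.from(role + ':'), encodeContext(ctx)]), publicKey, sig);
}

// Decryption gate: both Ed25519 signatures must verify over the same context.
function mayDecrypt(ctx, userPub, userSig, appPub, appSig) {
  return verifyRole(userPub, 'user', ctx, userSig) && verifyRole(appPub, 'app', ctx, appSig);
}

// Constructed sample keys and contexts.
const user = crypto.generateKeyPairSync('ed25519');
const appA = crypto.generateKeyPairSync('ed25519');
const agent = crypto.generateKeyPairSync('ed25519');
const ctxA = { appId: 'app-a', policyId: 'policy-1', dataRefs: ['ref-001'], intent: 'transfer' };
const ctxB = { ...ctxA, appId: 'app-b' }; // same data references, different application

function demo() {
  const userSigA = signContext(user.privateKey, 'user', ctxA);
  const userSigB = signContext(user.privateKey, 'user', ctxB);
  const appSigA = signContext(appA.privateKey, 'app', ctxA);
  return {
    bothValid: mayDecrypt(ctxA, user.publicKey, userSigA, appA.publicKey, appSigA),
    userOnly: mayDecrypt(ctxA, user.publicKey, userSigA, appA.publicKey, null),
    // The application signature made for ctxA is presented for ctxB.
    reusedAppSig: mayDecrypt(ctxB, user.publicKey, userSigB, appA.publicKey, appSigA),
    // One key holder fills both roles: the gate checks signatures, not who holds the keys.
    oneAgentBothKeys: mayDecrypt(ctxA, agent.publicKey, signContext(agent.privateKey, 'user', ctxA),
      agent.publicKey, signContext(agent.privateKey, 'app', ctxA)),
  };
}

console.log(demo());
```

In this sketch the reused application signature fails because it covers `ctxA` bytes, while the single-agent case passes because both signatures are cryptographically valid.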