Sec. 3.3 mentions that gateways are trusted to carry out the protocol correctly. This also means they are trusted from a security point of view.
I think this is incorrect. IMO, from a security POV:
There is mutual trust between each gateway and the network that it represents.
When running the SAT protocol, GW1 is able to verify that GW2 is following the protocol correctly.
However, GW1 still relies on the veracity of GW2's signed statements (e.g. that it has extinguished an asset), and vice versa. The truth of such statements may need to be enforced by mechanisms (e.g. legal procedures) that are outside our scope.
Sec. 3.3 mentions that gateways are trusted to carry out the protocol correctly. This also means they are trusted from a security point of view.
I think this is incorrect. IMO, from a security POV: