The platform only needs to trust a netlet if it provides node-wide access to a service. In this case, the service is the netlet's principal and has to sign its descriptor.
