Explanatory content only; for binding requirements read the Security Considerations sections of the specs.
Cipherlots assume a world where metadata surveillance is the default. Implementers must understand who we defend against and where the limits lie.
Primary adversaries
- Platform operators: Services that monetize behavioral data.
- Network observers: Entities capable of bulk packet capture and correlation.
- Co-located tenants: Malicious services attempting to exfiltrate co-located data.
Non-goals
- Compromised user devices.
- Coercion that extracts secrets directly from humans.
- Nation-state regulation compelling plaintext logging.
Design responses
- Oblivious HTTP (OHTTP) relays to blind request metadata.
- Capability tokens for least-privilege access.
- Vault-to-client ratchets for forward secrecy.
Continue with the Cipherlot Core Protocol for normative requirements.