
mqtt: add v3 double-ratchet sessions and invariants contract (#20)

Merged: doomhammerhell merged 1 commit into main from fix-cargo-test-errors-audit on Apr 15, 2026
Conversation

@doomhammerhell (Owner):
  • Replace symmetric-only session chains with a DH-driven double ratchet (PCS) and strict topic/context binding
  • Enforce hard size limits, wire ID sanitation, and per-peer/global token-bucket budgets before expensive crypto
  • Add SECURITY_INVARIANTS.md and regression tests for rollback/policy/session invariants
  • Fix ratchet message-limit handling; remove unsafe auto-rotation path
  • Update MQTT and security documentation

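An added example (not code from this PR or the project) of the admission order the second bullet describes: hard size cap, wire-ID sanitation, then per-peer and global token buckets, all evaluated before any ratchet or crypto work. The limits, type names and the one-token-per-frame cost are assumptions.

```rust
// Added example, not this PR's code; limits, names and "one token per frame" are assumptions.
use std::collections::HashMap;

pub const MAX_FRAME_BYTES: usize = 4096; // assumed hard size limit
pub const MAX_ID_LEN: usize = 64; // assumed wire-ID length cap

#[derive(Debug, PartialEq, Eq)]
pub enum Reject { TooLarge, BadId, PeerBudget, GlobalBudget }

/// Token bucket: `tokens` refills at `refill_per_sec` up to `capacity`.
pub struct Bucket { tokens: f64, capacity: f64, refill_per_sec: f64, last: f64 }

impl Bucket {
    pub fn new(capacity: f64, refill_per_sec: f64, now: f64) -> Self {
        Bucket { tokens: capacity, capacity, refill_per_sec, last: now }
    }
    /// Credit elapsed time, then try to spend one token.
    pub fn try_take(&mut self, now: f64) -> bool {
        let elapsed = (now - self.last).max(0.0);
        self.tokens = (self.tokens + elapsed * self.refill_per_sec).min(self.capacity);
        self.last = now;
        if self.tokens >= 1.0 { self.tokens -= 1.0; true } else { false }
    }
}

pub struct Gate { global: Bucket, peers: HashMap<String, Bucket>, peer_cap: f64, peer_rate: f64 }

impl Gate {
    pub fn new(global_cap: f64, global_rate: f64, peer_cap: f64, peer_rate: f64, now: f64) -> Self {
        Gate { global: Bucket::new(global_cap, global_rate, now), peers: HashMap::new(), peer_cap, peer_rate }
    }
    /// Wire IDs: non-empty, bounded, [A-Za-z0-9_-] only, so no separators, control bytes or topic wildcards.
    pub fn valid_wire_id(id: &str) -> bool {
        !id.is_empty() && id.len() <= MAX_ID_LEN
            && id.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-' || b == b'_')
    }
    /// Cheapest checks first: a frame that fails never costs a crypto operation.
    pub fn admit(&mut self, peer_id: &str, frame: &[u8], now: f64) -> Result<(), Reject> {
        if frame.len() > MAX_FRAME_BYTES { return Err(Reject::TooLarge); }
        if !Self::valid_wire_id(peer_id) { return Err(Reject::BadId); }
        // Per-peer bucket before the global one, so one noisy peer is throttled on its
        // own budget first. (A real gate also bounds `peers`, e.g. LRU, so unknown IDs
        // cannot grow the map without limit.)
        let (cap, rate) = (self.peer_cap, self.peer_rate);
        let peer = self.peers.entry(peer_id.to_string()).or_insert_with(|| Bucket::new(cap, rate, now));
        if !peer.try_take(now) { return Err(Reject::PeerBudget); }
        if !self.global.try_take(now) { return Err(Reject::GlobalBudget); }
        Ok(())
    }
}
```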
doomhammerhell merged commit bcd7945 into main on Apr 15, 2026
9 checks passed