Version & Changelog
This page records version changes and summaries for the Whitepaper documentation. Each change should indicate: scope of change, affected chapters, involved Claim IDs, and (if applicable) relationship to implementation versions or cryptoVersion.
Recording Standards
- Version Number: Semantic versioning (e.g., v1.0, v1.1) or Date versioning (e.g., 2026-01) recommended.
- Change Type: Added / Changed / Fixed / Deprecated / Removed.
- Traceability: Each change should link to specific chapters and Claim IDs; Claim text changes should sync with the Master List.
- Relation to Implementation: If the documented implementation changes (e.g., encryption params, token scope, log policy), note the corresponding client/server version or effective date.
Change Log
The table below provides a minimal maintainable structure. Update date, version, and summary per release cadence; use date versioning if internal version numbers are not exposed.
| Date | Doc Version | Change Summary | Chapters | Related Claim IDs |
|---|---|---|---|---|
| 2026-01-14 | v1.0 | Initial release of Security & Privacy Whitepaper (Split by Chapters). Covers Scope & Threat Model, Architecture & Auth, Crypto & Key Mgmt, Privacy & ZK, Web Security, Logging & IR, Vulnerability Disclosure, Evidence & Status, Claim IDs Master List, and Glossary. | Overview + Ch 1–12 + Appendix | See Master List /security-privacy-appendix-claim-ids |
| YYYY-MM-DD | v1.1 | Example: Supplement Ch 6-7 (Data Lifecycle & Abuse), update Download Page CSP & Referrer-Policy examples, refine audit field minimization. | Ch 6, 7, 9, 10 | (Ex) DATA-*, ABUSE-*, WEB-*, LOG-* |
| YYYY-MM-DD | v1.2 | Example: Introduce new cryptoVersion (e.g., v2), adjust IV/AAD spec & compatibility; add deprecation timeline. | Ch 5, 11 | (Ex) CRYPTO-*, VERSION-* |
Maintenance Suggestions
- When modifying text, check for impact on Claim IDs (statement content or Evidence links).
- For major changes related to public security commitments, consider syncing evidence/notes on /status.
- If disclosing security incidents (without expanding attack surface), record the release window and scope here, linking to the public incident statement (if applicable).