From 57d8a0371f97f1eb4cfd16649c003e46709137d8 Mon Sep 17 00:00:00 2001 From: cyph3rasi Date: Wed, 15 Jul 2026 06:46:13 -0700 Subject: [PATCH] Align E2EE migration documentation with fail-closed authenticated-export enforcement Hop-State: A_06FPC1S8F3FMQ5RF2YGEFKR Hop-Proposal: R_06FPC1MBXQ3KPM14C628E40 Hop-Task: T_06FPC1EEXNSR6RQ8VK6GX80 Hop-Attempt: AT_06FPC1EEXQMRTGRB6GP5FBG --- docs/e2ee-dms.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/e2ee-dms.md b/docs/e2ee-dms.md index 14ec3dc..06a9334 100644 --- a/docs/e2ee-dms.md +++ b/docs/e2ee-dms.md @@ -79,7 +79,7 @@ Invalid signatures, altered envelopes, authentication failures, and messages enc ## Export and migration limits -Account export preserves new message envelopes as ciphertext and preserves legacy messages as legacy plaintext. Fresh v1.1 exports sign a canonical digest of the complete payload. A historical v1.0 account can still migrate without that digest, but all unauthenticated DM history is discarded and the destination warns that the remaining legacy payload must be reviewed for tampering. The server does not decrypt E2EE messages for export. +Account export preserves new message envelopes as ciphertext and preserves legacy messages as legacy plaintext. Fresh exports sign a canonical digest of the complete payload. Digest-less historical exports are rejected because their profile, posts, follows, bots, and message history cannot be authenticated; users must create a fresh export on the old node. The server does not decrypt E2EE messages for export. V1 does not migrate the account encryption private key or recovery enrollment between home nodes. It does migrate the signed public key-continuity anchor. On first opening Chat at the destination, the user sets a PIN once and the browser signs a monotonic replacement key. Preserved old ciphertext remains unreadable on the destination. Copying a node-wide `E2EE_RECOVERY_SECRET` for one account is not acceptable.