# ASL/ENCRYPTED-BLOCKS/1 -- Encrypted Block Storage Across Domains

Status: Draft

Owner: Architecture

Version: 0.1.0

SoT: No

Last Updated: 2025-01-17

Tags: [encryption, blocks, federation, storage]

**Document ID:** `ASL/ENCRYPTED-BLOCKS/1`

**Layer:** L2 -- Encrypted storage semantics (no transport)

**Depends on (normative):**

* `ASL-STORE-INDEX`
* `ASL/FEDERATION/1`
* `ASL/LOG/1`

**Informative references:**

* `ASL/DOMAIN-MODEL/1`
* `ASL/POLICY-HASH/1`

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

ASL/ENCRYPTED-BLOCKS/1 defines semantics for storing encrypted blocks across domains. It does not define encryption algorithms, key management, or transport.

---

## 1. Purpose

This document defines how encrypted blocks may be stored in a foreign domain without transferring semantic authority or decryption capability.

---

## 2. Core Principle (Normative)

A domain MAY store encrypted blocks for another domain, but MUST NOT assert semantic meaning for those bytes.

Meaning is owned by the domain that holds the decryption keys and index entries.

---
## 3. Encryption Model (Normative)

### 3.1 Block Encryption

Before sealing, a block MAY be encrypted:

```
plaintext_block
-> encrypt(K)
-> ciphertext_block
-> BlockID = H(ciphertext_block)
```

Rules:

* Encryption occurs before sealing.
* `BlockID` is computed over ciphertext bytes.
* Deterministic encryption is NOT required.

### 3.2 Key Ownership

* Encryption keys are owned by the originating domain.
* Keys MUST NOT be federated or embedded in index metadata.
* Decryption metadata MUST remain local to the originating domain.

---

## 4. Foreign Domain Storage (Normative)

A foreign domain storing encrypted blocks:

* Treats ciphertext blocks as opaque bytes.
* MAY retain or GC blocks under its local policy.
* MUST NOT create semantic index entries for those blocks.

---

## 5. Originating Domain References (Normative)

The originating domain:

* Maintains index entries referencing the ciphertext `BlockID`.
* Applies normal visibility, log, and snapshot rules.
* Uses local decryption metadata to materialize plaintext.
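
The following is an added example, not code from the ASL specification or any ASL implementation, showing the flow of sections 3 through 5 end to end: encrypt before sealing, compute `BlockID` over the ciphertext, hand only `(BlockID, bytes)` to a foreign store, and keep keys and the semantic index in the originating domain. Everything the spec leaves open is an assumption here: SHA-256 stands in for `H`, a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 counter keystream plus HMAC tag) stands in for a real AEAD, and `ForeignDomainStore` and `OriginatingDomain` are hypothetical class names.

```python
"""Added example (not part of the ASL spec): encrypt-before-seal block flow.

Assumptions the spec does not fix: SHA-256 as H, a stdlib-only encrypt-then-MAC
construction standing in for a real AEAD, and hypothetical class names.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(master: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from the domain's master key.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; a stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag.

    The fresh random nonce makes output non-deterministic, which section 3.1
    explicitly permits: the same plaintext yields a different BlockID each time.
    """
    k_enc, k_mac = _subkey(master, b"enc"), _subkey(master, b"mac")
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    # Verify the tag before touching the keystream (encrypt-then-MAC order).
    k_enc, k_mac = _subkey(master, b"enc"), _subkey(master, b"mac")
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext block too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(k_mac, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ s for c, s in zip(body, _keystream(k_enc, nonce, len(body))))


def block_id(ciphertext: bytes) -> str:
    # Section 3.1: BlockID is H over the ciphertext bytes, never the plaintext.
    return hashlib.sha256(ciphertext).hexdigest()


class ForeignDomainStore:
    """Section 4: holds opaque bytes keyed by BlockID and nothing else."""

    def __init__(self) -> None:
        self._blocks: dict[str, bytes] = {}

    def put(self, bid: str, ciphertext: bytes) -> None:
        # The only check a foreign domain can make: the bytes hash to the ID.
        if block_id(ciphertext) != bid:
            raise ValueError("BlockID does not match ciphertext")
        self._blocks[bid] = ciphertext

    def get(self, bid: str) -> bytes:
        return self._blocks[bid]

    def has(self, bid: str) -> bool:
        return bid in self._blocks

    def gc(self, keep: set[str]) -> int:
        # Local retention policy: drop anything not in `keep`, report the count.
        dropped = [b for b in self._blocks if b not in keep]
        for b in dropped:
            del self._blocks[b]
        return len(dropped)


class OriginatingDomain:
    """Section 5: the key and the semantic index never leave this object."""

    def __init__(self) -> None:
        self._master = os.urandom(32)
        self.index: dict[str, str] = {}  # artifact name -> ciphertext BlockID

    def seal(self, name: str, plaintext: bytes, store: ForeignDomainStore) -> str:
        ct = encrypt(self._master, plaintext)
        bid = block_id(ct)
        store.put(bid, ct)      # foreign domain receives only (BlockID, bytes)
        self.index[name] = bid  # semantic reference stays local
        return bid

    def materialize(self, name: str, store: ForeignDomainStore) -> bytes:
        # Local decryption metadata (the key) turns opaque bytes back into meaning.
        return decrypt(self._master, store.get(self.index[name]))
```

Two properties worth checking against a real implementation: sealing the same plaintext twice produces two distinct `BlockID`s (so the foreign store cannot infer equality of artifacts by comparing IDs), and the foreign store's only state is `BlockID -> bytes`, with no artifact names or visibility attached.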

---

## 6. Cross-Domain References (Informative)

Two references are distinct:

* **Storage reference:** foreign domain stores ciphertext blocks.
* **Semantic reference:** originating domain records artifact visibility and meaning.

Foreign storage does not imply federation of semantics.

---

## 7. Non-Goals

ASL/ENCRYPTED-BLOCKS/1 does not define:

* Key exchange or key discovery
* Encryption algorithm choices
* Transport or replication protocols
* Storage layout or block packing rules