Discussion: Security profile of DSNP

[wesbiggs]

It was been suggested that we incorporate some level-setting remarks on privacy and security into the specification.

• What is the purpose of encryption in DSNP?
• How does or doesn't this compare to end-to-end encryption in protocols like Signal?
• What levels of privacy can/can't DSNP ensure? What could well funded state actors do now and in the future?
• How can the specification anticipate a potential post-quantum cryptography environment?
• What are the privacy and security implications of DSNP's delegation model?
• What are the privacy and security implications of key sharing with providers?

@shannonwells feel free to add/edit.

[shannonwells]

I think this is pretty good; I propose "acceptance criteria" for any resulting changes be documentation that is fairly easy to understand if you are new to DSNP. It may need to include glossary items or links to definitions of various security terms. There might be also a tl;dr, "plain language" section for this purpose.