enigma-protocol 0.1.0

High-level orchestrator that composes the Enigma crates into a production-ready messaging protocol
# Security Notes

- **Authenticated Data** – Every packet is sealed with `enigma-aead` using AD = conversation id (UUID) + sender username + receiver username. Any tampering with routing metadata or replaying into a different conversation invalidates the tag.
- **Ratchet State** – Sessions derive new AEAD keys per packet from the shared secret and ratchet counters. Keys are zeroized on drop.
- **Attachments** – Attachment ordering is enforced: a chunk or end frame without a matching init fails.
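
A minimal sketch of the attachment ordering rule above, added here as an illustration and not taken from the enigma-protocol source. `Frame`, `AttachmentTracker`, `OrderError` and `check_sequence` are hypothetical names, and the duplicate-init and chunk-index checks are assumptions that go beyond what the note states.

```rust
use std::collections::HashMap;

// Hypothetical frame type for illustration; not the enigma-protocol API.
#[derive(Debug, Clone, Copy)]
pub enum Frame {
    Init { id: u64 },
    Chunk { id: u64, index: u32 },
    End { id: u64 },
}

#[derive(Debug, PartialEq)]
pub enum OrderError {
    NoMatchingInit(u64),
    DuplicateInit(u64), // assumption: a second init for an open id is rejected
    OutOfOrder { id: u64, expected: u32, got: u32 }, // assumption: chunks are indexed
}

/// Tracks open transfers: attachment id -> next expected chunk index.
#[derive(Default)]
pub struct AttachmentTracker {
    open: HashMap<u64, u32>,
}

impl AttachmentTracker {
    pub fn accept(&mut self, frame: Frame) -> Result<(), OrderError> {
        match frame {
            Frame::Init { id } => {
                if self.open.contains_key(&id) {
                    return Err(OrderError::DuplicateInit(id));
                }
                self.open.insert(id, 0);
                Ok(())
            }
            Frame::Chunk { id, index } => {
                // A chunk with no open init fails before any payload is handled.
                let next = self.open.get_mut(&id).ok_or(OrderError::NoMatchingInit(id))?;
                if index != *next {
                    return Err(OrderError::OutOfOrder { id, expected: *next, got: index });
                }
                *next += 1;
                Ok(())
            }
            // End closes the transfer, so a later chunk or end for this id fails too.
            Frame::End { id } => self.open.remove(&id).map(|_| ()).ok_or(OrderError::NoMatchingInit(id)),
        }
    }
}

/// Runs a frame sequence through a fresh tracker, stopping at the first violation.
pub fn check_sequence(frames: &[Frame]) -> Result<(), OrderError> {
    let mut tracker = AttachmentTracker::default();
    frames.iter().try_for_each(|f| tracker.accept(*f))
}
```

The tracker holds only in-memory state for open transfers; persisting it across restarts falls under the state management the crate leaves to the caller.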

## Out of Scope

- Persistent state management, replay caches, and storage of attachment payloads
- Transport security (use TLS, DTLS, QUIC, or WebRTC where required)
- Identity discovery and X3DH execution (the crate expects already-derived session secrets)
- UI, policy, spam, and abuse handling