Appendix C. Glossary
Work in progress — not audited
Definitions are normative for interpreting P1–P8 unless a chapter defines a term more specifically.
| Term | Definition |
|---|---|
| Application PDU | JSON object on a WebRTC data channel with required type field (P4). |
| Broker | PeerJS-compatible signaling server over WSS; relays SDP/ICE only in v0 profile. |
| Cascade | Ordered stack MLS → Signal → ML-KEM → AES applied by CascadingCipherManager (P5). |
cascadedPayload | Object inside encryptedMessage holding finalCiphertext and layer metadata. |
encryptionReady | Implementation flag: local crypto handshake complete for a peer; required before E2EE message PDUs (P3). |
encryptedConnections | Set of remote Peer IDs allowed on encrypt path (P7). |
encryptedMessage | Wrapper object carrying ciphertext (cascade or MLS-only). |
| Fast file profile | Bulk transfer that MAY bypass cascade; DTLS-only protection (P6.6). |
| Handshake PDU | Control type values in P3 establishing crypto state. |
| Initiator / Responder | WebRTC roles for outbound connect vs inbound accept (P2). |
| MLS | Messaging Layer Security (RFC 9420). |
| Peer ID | Opaque broker address string; not a global cryptographic identity (P2.5). |
| PDU | Protocol data unit; here, one JSON object on the data channel. |
| Profile | Named configuration EnkryptedChat-Profile-v0 (P1). |
| Signaling | WSS broker traffic for WebRTC setup, distinct from application PDUs. |
| TOFU | Trust on first use — accept Peer ID and in-band keys without prior out-of-band verification. |
| TURN | Relay for ICE when direct UDP fails; sees traffic metadata (ch. 3). |