11. Limitations and Roadmap
This chapter is part of an initial draft specification. Enkrypted Chat has not been independently audited. Content may change.
11.1 Mandatory limitations (read before use)
The following MUST be understood by any professional evaluator:
- No independent security audit of the full product stack.
- Experimental / WIP software — not a replacement for Signal, WhatsApp, or enterprise messengers.
- No offline messaging — both peers must be online for delivery (relay planned, not specified).
- Broker dependency for v1 — QR/offline signaling not in this spec.
- Group chat partial — do not rely on group security guarantees.
- Browser JS trust model — hosted bundle compromise equals full compromise.
- Metadata remains — peer IDs, timing, TURN/signaling exposure (Chapter 7).
- Cascading cipher controversy — defense-in-depth intent vs expert caution (Chapter 4).
- Fast file transfer — optional reduced protection path.
- At-rest encryption — not complete.
- SFrame video E2EE — experimental, not audit-backed.
- No interoperability with other clients.
- Tor unsupported for WebRTC.
11.2 Use cases (from product vision)
Enkrypted Chat is intended for:
- Privacy-conscious individuals exploring P2P messaging
- Researchers studying P2P + Signal adaptations
- Developers evaluating modular federated architecture
- Organizations prototyping self-hosted secure comms (with their own legal/security review)
It is not positioned today for regulated healthcare, government classified comms, or high-risk journalism without additional review.
11.3 Competitive positioning (summary)
| Platform | Architecture | E2EE messaging | True P2P payload path | Notes |
|---|---|---|---|---|
| Enkrypted Chat | P2P + broker + static CDN | Cascade + WebRTC | Yes (when connected) | Experimental, unaudited |
| Signal | Centralized server | Signal Protocol | No (server relay) | Mature audit culture |
| Matrix/Element | Federated homeservers | Olm/Megolm | No | Server stores ciphertext |
| Briar/Session | P2P / onion variants | Various | Strong P2P focus | Different stack |
| | Centralized | Signal-derived | No | Metadata to Meta |
| Zoom/Meet | Centralized SFU | Variable | No | Enterprise focus |
Strategic tradeoff: Enkrypted Chat sacrifices convenience (online-only, setup complexity) for reduced central message custody.
11.4 Thematic roadmap (not dated)
Future work themes (no commitment dates):
- Independent security audit
- Offline / self-hosted message relay
- Multi-device decentralized profile
- Encryption at rest (passkey/passcode/password wrapping DEK)
- Self-destructing messages
- Improved group messaging
- Multicloud static redundancy
- Service worker static pinning
- Onion routing investigation (non-Tor WebRTC constraints)
- Expanded formal verification coverage
11.5 Vision
Long-term direction: a browser-based, user-sovereign communication suite (messaging, files, documents, calendar) with minimal central custody of content, transparent security documentation, and optional self-hosting at every infrastructure tier.
Progress is incremental; this specification will be revised as implementations mature and audits complete.
11.6 Profile-v1 protocol checklist (next implementation steps)
Before labeling EnkryptedChat-Profile-v1, the project MUST complete:
| Step | Deliverable | Status |
|---|---|---|
| 1 | Golden hex test vectors (handshake, cascade mock, MLS fallback, chunk math) | Done — Appendix A; golden-vectors.test.js, protocol-golden-vectors.test.js |
| 2 | Live MLS+Signal+ML-KEM+AES hex (V8) | Deferred — Profile-v1 |
| 3 | Implement type: "protocol-error" on decrypt/oversize/unknown-type paths | Done — p2p/src/utils/protocolError.ts |
| 4 | Mandatory specVersion: "1.0" on all PDUs | Pending |
| 5 | Freeze PDU schemas (no breaking required fields) | Pending |
| 6 | Independent security audit or documented waiver | Pending |
Completed in documentation pass (v0): P0 rationales, Appendix B/C, full PDU field reference in P4.13, formal security matrix, broker compromise list, recommended timeouts.
Not planned near-term (per product decision): Broker token/mTLS signaling auth — roadmap only (P2.9).