Please do NOT open public GitHub issues for security vulnerabilities.

Email hawthornhollows@gmail.com with:

• Description of the vulnerability
• Steps to reproduce
• Impact assessment (if known)
• Your preferred attribution (or anonymous)

We will acknowledge receipt within 48 hours and provide an initial assessment within 7 days.

• We follow coordinated disclosure (90-day window).
• Critical vulnerabilities affecting deployed systems will receive expedited patches.
• We will credit reporters in the changelog unless anonymity is requested.
• We do not offer a bug bounty at this time.

cellar-door-exit supports two signature algorithms:

The AlgorithmRegistry supports fail-closed semantics: unknown algorithms are rejected, not silently downgraded. New algorithms require explicit registration.

⚠️ Neither algorithm implementation has undergone formal security certification. The underlying cryptographic primitives are provided by @noble/ed25519 and @noble/curves, which have been independently audited by Cure53 (2022).

However, this package's specific usage of those primitives has not been independently audited.

For production deployments requiring certified cryptography, use the Signer interface to connect a FIPS-validated HSM or cloud KMS provider.

• Production: Use HSM-backed signing via the Signer interface
• Cloud: AWS KMS, GCP Cloud KMS, Azure Key Vault via Signer abstraction
• Minimum: Encrypted at rest, never in source control, via secrets managers
• Crypto-shredding: Use KeyStore interface for managed key lifecycle and deletion

JavaScript runtimes use garbage-collected memory. destroy() calls Uint8Array.fill(0) on key buffers but this is best-effort only due to JIT copies and GC compaction. For high-security contexts, use hardware-backed signing where key material never enters JS memory.

These are documented honestly, not hidden:

1. Self-attestation model. EXIT markers are signed by participants, not verified by independent witnesses. Trust requires higher-layer protocols (L1+). See spec Section 7.
2. TSA verification is structural only. FreeTSA receipt structure is checked but cryptographic chain-of-trust to the TSA certificate is not verified in-library. See checkTSAReceiptStructure().
3. No formal security audit. 456 automated tests cover functionality but are not a substitute for professional security review.

See the full threat model in EXIT_SPEC_v1.2.md, Section 9.

Key threats addressed: coerced departure, marker tampering, replay attacks, timing manipulation, key compromise. Key threats deferred to L1+: Sybil origin attacks, reputation gaming, strategic departure patterns.

• Security issues: hawthornhollows@gmail.com
• General: GitHub Issues