Security & Evaluation

PEAC receipts provide evidence, not enforcement. This page documents the security properties, design assumptions, and what receipts can and cannot prove.

Security Properties

The protocol enables:

Independent verification

Receipts are independently verifiable using Ed25519 signatures. Verification does not require contacting the issuer or relying on issuer availability.

Tamper-resistant transport

Cryptographic signatures ensure integrity in transit. Receipts can be stored, forwarded, and verified by any party with the public key.

Clock tolerance

Configurable clock skew tolerance (default: 60 seconds). Timestamp validation ensures receipts are used within their validity window.

What Receipts Prove

Policy snapshot hash

Hash of policy terms at time of access

Cryptographic signature

Ed25519 signature from issuer

Timestamp validity

Issued within validity window

Optional claims

Payment, consent, and attribution data

What Receipts Do NOT Prove

Client honored the policy

A receipt proves the policy was presented and acknowledged, not that the client actually followed it. Enforcement is out of scope.

Content was not modified

Receipts attest to access, not content integrity. For content provenance, combine with C2PA or similar standards.

Issuer's policy was reasonable

PEAC is policy-agnostic. The protocol proves that a policy existed and was applied, not that the policy was fair, legal, or appropriate.

Conformance Levels

Implementations can claim conformance at different levels:

L0: Parse receipt envelope

Decode JWS structure and extract header/payload. No signature verification.

L1: Validate signature

Verify Ed25519 signature against issuer's public key. Reject tampered receipts.

L2: Verify policy binding

Validate policy hash, timestamps, issuer allowlist, and replay protection.

L3: Full negotiation flow

Complete HTTP 402 negotiation, including policy discovery and payment rail integration.
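
A sketch of how the L0 to L2 steps above can look on the verifier side, using Node's built-in crypto. This is an added example, not PEAC's own code: the compact JWS with alg "EdDSA", the claim names iss, iat, exp and jti, and all function names are assumptions for illustration, and the policy hash check is left out.

```javascript
const crypto = require("node:crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");

// Constructed issuer key pair; a real verifier only ever holds the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");

// Builds a constructed sample receipt as a compact JWS (header.payload.signature).
function issue(claims) {
  const input = `${b64u(JSON.stringify({ alg: "EdDSA" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), privateKey))}`;
}

// L0: decode the envelope only. Nothing returned here is trustworthy yet.
function parseReceipt(jws) {
  const parts = String(jws).split(".");
  if (parts.length !== 3) throw new Error("malformed");
  const [header, payload] = parts.slice(0, 2)
    .map((s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8")));
  if (!header || !payload || typeof header !== "object" || typeof payload !== "object") {
    throw new Error("malformed");
  }
  return { header, payload, input: `${parts[0]}.${parts[1]}`, sig: Buffer.from(parts[2], "base64url") };
}

// L1 plus the L2 checks covered here. `keys` maps each allowlisted issuer to its
// public key, `seen` holds receipt ids already accepted, `now` is Unix seconds.
function verifyReceipt(jws, { keys, seen, now, skew = 60 }) {
  let r;
  try { r = parseReceipt(jws); } catch { return "malformed"; }
  if (r.header.alg !== "EdDSA") return "bad_alg"; // the header must not choose the algorithm
  const key = keys.get(r.payload.iss);
  if (!key) return "unknown_issuer";
  // Signature first: claims are only read as facts once the bytes are authenticated.
  if (!crypto.verify(null, Buffer.from(r.input), key, r.sig)) return "bad_signature";
  const { iat, exp, jti } = r.payload;
  if (!Number.isFinite(iat) || !Number.isFinite(exp) || typeof jti !== "string") return "bad_claims";
  if (iat > now + skew) return "not_yet_valid";
  if (exp < now - skew) return "expired";
  if (seen.has(jti)) return "replayed";
  seen.add(jti); // record only receipts that passed every check
  return "ok";
}
```

The replay set is in-memory here; a deployment would need shared storage that outlives the receipt's validity window plus the skew.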

Security Review

We plan a third-party security review focused on:

  • Verification correctness (signature validation, timestamp checks)
  • Parsing hardening (malformed input handling, DoS resistance)
  • Key rotation and replay defense mechanisms

Review findings will be made public. Current version: v0.9.23

Questions or feedback?

Security issues can be reported via our security policy. For general questions, open a GitHub issue or discussion.