Privacy-first defaults, verifiable by design
2F. Disclosure modes (privacy-first defaults)
Choose how much you reveal on the wire; integrity and continuity remain verifiable in all modes.
# disclosure modes
value-only # only bytes; band/align not exposed, still stamped/committed
value+band # label-first (default): human band public; align kept logs-only
full # value, band, align (and align_ascii) are public
Norms (MUST / SHOULD).
- MUST enable independent verification of the canonical subset and stamp continuity in all modes.
- SHOULD prefer label-first (value+band) for privacy; disclose align publicly only when parity requires it.
- SHOULD publish align_ascii with fixed sign/precision when align is public to avoid serializer drift.
- MUST keep the subset declaration visible so receivers can recompute the digest deterministically.
Receiver parity (at a glance).
if mode == full:
    # recompute lane for parity and confirm band via manifest
    a_c := clamp(a_raw, -1+eps_a, +1-eps_a)
    u := atanh(a_c)
    U += w*u ; W += w
    align_local := tanh( U / max(W, eps_w) )
    assert band == cutpoint_map(align_local, manifest_id)
else:  # value-only or value+band
    # verify subset digest + continuity; validate band deterministically from disclosed inputs
    assert SHA256(serialize(subset_fields)) == HEAD
    assert prev chains
Why this matters.
You can prove integrity and timeline without exposing sensitive internals. When ecosystems need public parity, switch to full; otherwise, keep posture private and still be auditable.
2G. Intermediaries (mirrors, caches, relays)
Intermediaries add reach, not rewriting. They carry bytes and proofs forward without altering what the sender committed.
Requirements.
- MUST forward payload bytes unchanged.
- SHOULD preserve upstream sha256 commitments and associated headers.
- MAY append their own stamped observation (a new stamp) without modifying the original envelope.
- MUST NOT rewrite history or alter any previously committed subset.
Intermediary annotation (illustrative).
# original envelope (sender)
value, band, manifest_id, stamp="...|sha256=<HEAD_S>|prev=<...>"
# intermediary adds an observation
obs_subset := ["value","band","manifest_id","intermediary_note"]
obs_HEAD := SHA256(serialize(obs_subset_fields))
obs_stamp := "SSMCLOCK1|<UTC>|nonce=<...>|sha256="+obs_HEAD+"|prev=<HEAD_S>"
# result: linear chain continues; original commitment remains intact
Why this matters.
CDNs, proxies, and data brokers can prove what they saw when they saw it—without tampering with the sender’s original declaration.
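A receiver-side check for the intermediary annotation above, as an added example that is not part of the SSM-NET text: it recomputes HEAD_S and obs_HEAD, confirms the observation's prev points at HEAD_S, and flags any relayed field that differs from the sender's. The sorted-key JSON serializer, hex digests, the "subset" key carrying the subset declaration, and all sample values are assumptions made for illustration.

```python
import hashlib
import json

def serialize(fields):
    # ASSUMPTION: sorted-key compact JSON stands in for the spec's canonical serializer.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def head(env, subset):
    # Digest over the declared subset only (hex encoding is an assumption).
    return hashlib.sha256(serialize({k: env[k] for k in subset})).hexdigest()

def make_stamp(utc, nonce, head_hex, prev):
    return f"SSMCLOCK1|{utc}|nonce={nonce}|sha256={head_hex}|prev={prev}"

def parse_stamp(stamp):
    tag, utc, *pairs = stamp.split("|")
    if tag != "SSMCLOCK1":
        raise ValueError("unexpected stamp tag")
    return {"utc": utc, **dict(p.split("=", 1) for p in pairs)}

def verify_relayed(sender, obs):
    """Return a list of failures; an empty list means the relay added reach only."""
    s, o = parse_stamp(sender["stamp"]), parse_stamp(obs["stamp"])
    errs = []
    if head(sender, sender["subset"]) != s["sha256"]:
        errs.append("sender subset does not match HEAD_S")
    if head(obs, obs["subset"]) != o["sha256"]:
        errs.append("observation subset does not match obs_HEAD")
    if o["prev"] != s["sha256"]:
        errs.append("observation prev does not point at HEAD_S")
    for k in sender["subset"]:
        if k in obs["subset"] and obs[k] != sender[k]:
            errs.append(f"observation disagrees with sender on {k}")
    return errs

def build_sample():
    # Constructed sample values, not taken from the spec.
    sender = {"value": "21.50", "band": "A+", "manifest_id": "demo-manifest",
              "subset": ["value", "band", "manifest_id"]}
    sender["stamp"] = make_stamp("2025-01-01T00:00:00Z", "n1",
                                 head(sender, sender["subset"]), "0" * 64)
    obs = {k: sender[k] for k in sender["subset"]}
    obs.update(intermediary_note="seen at edge cache",
               subset=["value", "band", "manifest_id", "intermediary_note"])
    obs["stamp"] = make_stamp("2025-01-01T00:00:05Z", "n2",
                              head(obs, obs["subset"]), head(sender, sender["subset"]))
    return sender, obs

if __name__ == "__main__":
    print(verify_relayed(*build_sample()))
```

Changing any committed sender field after stamping makes the first check fail, which is how a receiver detects a relay that rewrote rather than forwarded.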