Future Requirements

Requirements planned for future releases. These are not in scope for the v1.0 MVP release and are maintained here for planning visibility.

v1.1 — SBOM-Aware Transfer Manifests

The following requirements are planned for v1.1 and are not in scope for the MVP release.

Requirement: Reference SBOM in Transfer Manifest FR-TRANSFER-048
status: proposed
tags: transfer, v1.1, sbom
priority: could
release: v1.1
is specified by: UC-TRANSFER-004

When a CycloneDX SBOM file (sbom.cdx.json) is present among the files being transferred, the transfer manifest SHALL include an sbom field referencing the SBOM filename.

Requirement: Log SBOM in Transfer Audit Trail FR-TRANSFER-049
status: proposed
tags: transfer, v1.1, sbom, audit
priority: could
release: v1.1
is specified by: UC-TRANSFER-004

The system SHALL log the presence and filename of any SBOM file in the transfer audit trail, providing chain-of-custody documentation for compliance purposes.

v1.2 — Authenticated Encryption (AEAD) for Chunks at Rest

The following requirements are planned for v1.2 and are not in scope for the MVP release. These address the threat of USB interception by providing encryption at rest for chunk data and tamper detection for the transfer manifest.

Requirement: Optional AEAD Encryption of Chunks FR-TRANSFER-050
status: proposed
tags: transfer, v1.2, encryption, aead, security
priority: should
release: v1.2

The system SHALL support optional authenticated encryption of chunk data using an AEAD construction. When a user provides a passphrase via --passphrase (interactive prompt) or --passphrase-file (read from file), all chunk data SHALL be encrypted during pack and decrypted during unpack. When no passphrase is provided, the system SHALL behave identically to v1.0 (plaintext chunks with checksum verification).

Requirement: AEAD Algorithm Default and Agility FR-TRANSFER-051
status: proposed
tags: transfer, v1.2, encryption, aead, crypto-agility, security
priority: should
release: v1.2

The default AEAD algorithm SHALL be ChaCha20-Poly1305. The system SHALL support algorithm selection via --aead-algorithm CLI flag. The AEAD module SHALL use a trait-based interface consistent with the existing HashAlgorithm trait pattern (FR-TRANSFER-047), enabling future algorithm adoption without architectural changes.

Requirement: Passphrase-Based Key Derivation FR-TRANSFER-052
status: proposed
tags: transfer, v1.2, encryption, key-management, security
priority: should
release: v1.2

The system SHALL derive encryption keys from user-provided passphrases using a memory-hard key derivation function (Argon2id recommended). KDF parameters (algorithm, memory cost, time cost, salt) SHALL be recorded in the manifest so the unpack operation can reproduce the same derived key.

Requirement: Unique Nonce Per Chunk FR-TRANSFER-053
status: proposed
tags: transfer, v1.2, encryption, aead, security
priority: must
release: v1.2

Each chunk SHALL be encrypted with a unique nonce. Nonces SHALL be stored alongside chunk metadata in the manifest. Nonce reuse across chunks under the same key SHALL be treated as a fatal error, both when packing and when an unpack operation finds duplicate nonces in a manifest. Deriving the nonce from the chunk index (a zero-padded counter) makes uniqueness hold by construction; with the 96-bit nonce of ChaCha20-Poly1305, randomly drawn nonces would additionally need a collision check before packing.

Requirement: Manifest Authentication via Keyed MAC FR-TRANSFER-054
status: proposed
tags: transfer, v1.2, encryption, authentication, security
priority: should
release: v1.2

When AEAD encryption is enabled, the manifest SHALL be authenticated using a keyed MAC (HMAC-SHA256, KMAC, or BLAKE3 keyed mode) whose key is derived from the same passphrase but is distinct from the chunk encryption key (domain-separated during key derivation). The manifest SHALL remain human-readable (unencrypted JSON) but SHALL include a MAC field, computed over the manifest with that field itself excluded, that the unpack operation verifies before processing any chunks. Verification failure SHALL abort the unpack operation.

Requirement: Record Encryption Metadata in Manifest FR-TRANSFER-055
status: proposed
tags: transfer, v1.2, encryption, manifest, security
priority: should
release: v1.2

When encryption is enabled, the manifest SHALL record: the AEAD algorithm used, the KDF algorithm and parameters (excluding the passphrase), per-chunk nonces, and the MAC algorithm used for manifest authentication. This metadata SHALL be sufficient for the unpack operation to decrypt and verify without out-of-band configuration.
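The manifest side of FR-TRANSFER-052, -054 and -055 as an added example, not the project's own code or manifest schema: the passphrase is stretched with a memory-hard KDF whose parameters (including the salt, never the passphrase) are written into the manifest, two domain-separated keys are derived from the result so the MAC key differs from the chunk key, and the manifest is authenticated over a canonical serialisation with its own mac field removed. scrypt from the standard library stands in for the Argon2id the page recommends, the HMAC-based key split stands in for HKDF, and the field names, labels and sizes are assumptions.

```python
import hashlib
import hmac
import json
import os

AEAD_NAME = "chacha20-poly1305"  # the page's default (FR-TRANSFER-051)
NONCE_LEN = 12                   # ChaCha20-Poly1305 uses a 96-bit nonce


def default_kdf_params(salt: bytes) -> dict:
    # scrypt stands in for Argon2id because the Python stdlib has no Argon2; the shape
    # is the same: every parameter the unpacker needs is recorded, the passphrase is not.
    return {"algorithm": "scrypt", "n": 2 ** 14, "r": 8, "p": 1, "salt": salt.hex()}


def derive_keys(passphrase: bytes, params: dict) -> tuple:
    """Re-derive (chunk AEAD key, manifest MAC key) from the KDF parameters in the manifest.
    The two keys are domain-separated with HMAC labels (an HKDF-Expand stand-in) so the
    MAC key is never the same bytes as the encryption key."""
    if params.get("algorithm") != "scrypt":
        raise ValueError(f"unsupported KDF in manifest: {params.get('algorithm')!r}")
    master = hashlib.scrypt(passphrase, salt=bytes.fromhex(params["salt"]),
                            n=params["n"], r=params["r"], p=params["p"], dklen=32)
    aead_key = hmac.new(master, b"transfer/chunk-aead", "sha256").digest()
    mac_key = hmac.new(master, b"transfer/manifest-mac", "sha256").digest()
    return aead_key, mac_key


def canonical_bytes(manifest: dict) -> bytes:
    """MAC input: the manifest with its own 'mac' field removed, serialised canonically
    so that packer and unpacker hash identical bytes regardless of JSON formatting."""
    body = {k: v for k, v in manifest.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal_manifest(mac_key: bytes, manifest: dict) -> dict:
    manifest["mac"] = hmac.new(mac_key, canonical_bytes(manifest), "sha256").hexdigest()
    return manifest


def build_manifest(passphrase: bytes, chunk_sizes: list, salt: bytes = b"") -> dict:
    params = default_kdf_params(salt or os.urandom(16))
    _, mac_key = derive_keys(passphrase, params)
    manifest = {
        "format": "transfer-manifest",
        "version": "1.2",
        "encryption": {"aead": AEAD_NAME, "kdf": params, "manifest_mac": "hmac-sha256"},
        "chunks": [{"index": i, "size": size, "nonce": i.to_bytes(NONCE_LEN, "big").hex()}
                   for i, size in enumerate(chunk_sizes)],
    }
    return seal_manifest(mac_key, manifest)


def verify_manifest(passphrase: bytes, manifest: dict) -> bool:
    """Unpack-side gate, run before any chunk is read. Returns False on MAC mismatch
    (wrong passphrase or edited manifest); raises on conditions the spec calls fatal."""
    enc = manifest["encryption"]
    if enc.get("manifest_mac") != "hmac-sha256":
        raise ValueError(f"unsupported manifest MAC: {enc.get('manifest_mac')!r}")
    _, mac_key = derive_keys(passphrase, enc["kdf"])
    expected = hmac.new(mac_key, canonical_bytes(manifest), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest.get("mac", "")):
        return False
    nonces = [c["nonce"] for c in manifest["chunks"]]
    if len(set(nonces)) != len(nonces):  # FR-TRANSFER-053: nonce reuse is fatal
        raise RuntimeError("fatal: duplicate chunk nonce in authenticated manifest")
    return True


if __name__ == "__main__":
    manifest = build_manifest(b"correct horse battery staple", [1 << 20, 1 << 20, 4096])
    print(json.dumps(manifest, indent=2))
    print("verified:", verify_manifest(b"correct horse battery staple", manifest))
```

A wrong passphrase and a tampered manifest are indistinguishable at this layer (both just fail the MAC), which is the right outcome: the unpacker aborts before touching any chunk either way. The nonce check runs after authentication so that a duplicate in a manifest that verifies is reported as the packer bug it must be, rather than being masked by an attacker's edit.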

Non-Functional Requirement: Passphrase Handling Security NFR-TRANSFER-023
status: proposed
tags: transfer, v1.2, encryption, security, privacy
priority: must
release: v1.2

The system SHALL NOT write passphrases or derived keys to disk, logs, or the manifest in plaintext. Passphrases SHALL be read from an interactive terminal prompt with echo disabled (--passphrase) or from the file or file descriptor given by --passphrase-file, never from a command-line argument value, where they would be visible in the process list and shell history; they SHALL be zeroized from memory after key derivation completes.

Future Release Overview

ID               | Title                                  | Release | Verified By
-----------------|----------------------------------------|---------|------------
FR-TRANSFER-048  | Reference SBOM in Transfer Manifest    | v1.1    |
FR-TRANSFER-049  | Log SBOM in Transfer Audit Trail       | v1.1    |
FR-TRANSFER-050  | Optional AEAD Encryption of Chunks     | v1.2    |
FR-TRANSFER-051  | AEAD Algorithm Default and Agility     | v1.2    |
FR-TRANSFER-052  | Passphrase-Based Key Derivation        | v1.2    |
FR-TRANSFER-053  | Unique Nonce Per Chunk                 | v1.2    |
FR-TRANSFER-054  | Manifest Authentication via Keyed MAC  | v1.2    |
FR-TRANSFER-055  | Record Encryption Metadata in Manifest | v1.2    |
NFR-TRANSFER-023 | Passphrase Handling Security           | v1.2    |

No verification links have been recorded yet for these proposed requirements.