Security posture

KNOBE Threat Model

Based on KNOBE Protocol v1.0 2026-06-23 For security-focused audiences

KNOBE is a context-survival protocol, not a hard security primitive. This page is for engineers, security reviewers, and adopters: an account of where the protocol provides value and where it provides none.

The open layer of KNOBE v1 verifies integrity, not truth. A passing verification proves that a sealed object has not been altered since its hash was computed. It does not prove that the author is who they claim to be, that the content is accurate, that consent was actually obtained, or that the object is appropriate for any particular use.

Where KNOBE provides value

The protocol's high-value domain is context loss through entropy, not adversarial forgery. Context is stripped away as artifacts move through pipelines, summarization tools, copy-paste workflows, and AI ingestion systems. The protocol's primary opponent is not a malicious actor; it is the loss of interpretive context that occurs automatically every time a document is reduced, restructured, or repurposed.

Maximally adversarial: high value

Entropy and the lossy middleman

KNOBE v1.0 makes context stripping evident. The primary "adversary" is an automated pipeline: a RAG scraper that drops metadata, an LLM ingestion engine that summarizes without provenance, a corporate wiki that flattens attribution, a copy-paste action that detaches a document from its source. By sealing context (fidelity limits, attribution, quarantine status, accessibility lineage) and binding it to the text with a mathematical hash, KNOBE makes any subsequent tampering evident.

It proves what context was attached to the text at the moment of sealing. Downstream actors who want to misuse the text must now actively strip the cryptographic block, leaving an auditable trail of destruction rather than passively benefiting from context that has already evaporated.

This is the protocol's main job. Knowledge objects that traditionally lost their interpretive obligations in transit now carry them in plain text, verifiable without infrastructure, and visible to any tool or human downstream that chooses to look.

Where KNOBE provides no value

The protocol does not defend against active identity forgery. This is a design choice, not an oversight. The v1 open layer is deliberately authority-free: anyone can produce a sealed KNOBE locally, and the verifier cannot distinguish a genuine seal from a fraudulent one.

Minimally adversarial: zero or negative value

Active forgery in a zero-verification culture

KNOBE v1.0 provides zero protection against active identity forgery. If a malicious actor creates a fraudulent policy document, attributes it to "The Office of the Provost," and seals it locally, the math is completely sound. A verifier will report status: verified. The seal is intact. The lie is preserved exactly as the attacker wrote it.

If downstream human receivers conflate cryptographic verified (the file has not changed since sealing) with organizational authentic (the Provost actually wrote this), the protocol can actively harm the receiver by providing security theater. KNOBE fails as an identity-trust mechanism when deployed without a PKI overlay, an institutional signing tier, or a ledger anchor.

The boundary

What status: verified proves

The payload of this file is byte-identical to what someone sealed at some point. The author's declared attribution, fidelity limits, use conditions, and interpretive context are intact as the author wrote them.

What status: verified does not prove

Who that author actually was. Whether their attribution is honest. Whether the content is accurate. Whether the sealing happened recently or years ago. Whether the institution they claim is real. Whether the consent they assert was actually obtained.

The receiver bears the responsibility for interpreting what verification means in their specific context. A KNOBE received from a known colleague in a trusted workflow carries different weight than one received anonymously from the internet, even if both verify identically. The protocol does not collapse this distinction; it surfaces it.

How identity verification can be added

v1's identity_status: "declared" field is a deliberate placeholder. identity_status: "signed" is reserved for future tiers where cryptographic identity binding becomes available. This is one of three composition pathways:

The deliberate v1 posture: provide an integrity layer that does not require any of these to function, and let each be added by composition where the trust requirements demand it.

Classroom-scale patterns that compose these paths with nothing installed (the time sandwich, cohort receipts, and the signet design) are described on the teaching page.

Adversaries the protocol does and does not resist

Resists

Does not resist

The disposition

Integrity is the substrate. Interpretive context is the point. Identity is a separable layer that adopters can build on top, where their trust model demands it.

KNOBE makes it harder for fragments to pass as whole objects, in a world where context is lost not through malice but through automation. It provides what its name says: a knowledge object boundary that survives transit.

Identity verification requires a PKI. Timestamp proof requires anchoring. KNOBE v1 claims integrity of declared context, and no more. Receivers who need more can compose it with infrastructure that provides more; receivers who need only what it provides can use it alone.

For audiences accustomed to PKI-grounded hard security, this is a different category of tool: one that verifies integrity of declared context rather than identity or truth.