🔑 ZCerts: Verified Privacy for Apps

Zor introduces ZCerts, a new class of cryptographic certificates that prove authenticity through hardware attestation instead of centralized certificate authorities.


๐Ÿ” What is a ZCert?

A ZCert is a public key + attestation proof generated inside a Trusted Execution Environment. It guarantees two things:

  1. The key belongs to a verified enclave.

  2. The enclave is running trusted Zor software.

This means users can connect to a .zor service knowing it’s authentic — without trusting an external CA.


โš™๏ธ How It Works

  1. A service generates a ZCert inside its enclave.

  2. The Vault validates the attestation proof and issues a signature.

  3. The ZCert is added to the network’s zcert_root.

  4. Clients verify the ZCert before initiating encrypted sessions.
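
The four steps above as an added example; this is not Zor's code. The certificate layout, the function names, Ed25519 for the Vault signature and zcert_root modelled as a set of fingerprints are all assumptions, and the hardware attestation proof is reduced to a measurement string.

```javascript
// Added illustration: ZCert layout, names and root model are assumptions, not Zor's format.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Constructed value standing in for the measurement of trusted Zor enclave software.
const TRUSTED_MEASUREMENT = sha256('zor-enclave-build (constructed)');

// The Vault signs the measurement together with the public key, so neither can be swapped.
const signedBytes = (cert) => Buffer.from(JSON.stringify([cert.measurement, cert.publicKey]));
const fingerprint = (cert) => sha256(signedBytes(cert));

// Step 1: the service creates a key pair and attaches its attested measurement.
// A real attestation proof is a hardware-signed quote; here it is only the measurement.
function generateZCert(measurement) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const cert = { publicKey: publicKey.export({ type: 'spki', format: 'pem' }), measurement };
  return { cert, privateKey };
}

// Steps 2 and 3: the Vault rejects unknown measurements, signs, and records the cert in the root.
function vaultIssue(vaultPrivateKey, root, cert) {
  if (cert.measurement !== TRUSTED_MEASUREMENT) throw new Error('untrusted enclave measurement');
  const signature = crypto.sign(null, signedBytes(cert), vaultPrivateKey).toString('base64');
  root.add(fingerprint(cert));
  return { ...cert, signature };
}

// Step 4: the client runs every check before it starts an encrypted session.
function clientVerify(vaultPublicKey, root, cert) {
  if (cert.measurement !== TRUSTED_MEASUREMENT) return 'untrusted-measurement';
  if (!root.has(fingerprint(cert))) return 'not-in-root';
  if (typeof cert.signature !== 'string') return 'bad-signature';
  const signature = Buffer.from(cert.signature, 'base64');
  return crypto.verify(null, signedBytes(cert), vaultPublicKey, signature) ? 'ok' : 'bad-signature';
}

// Runs the flow once, then presents a certificate whose public key was replaced.
function demo() {
  const vault = crypto.generateKeyPairSync('ed25519');
  const root = new Set();
  const issued = vaultIssue(vault.privateKey, root, generateZCert(TRUSTED_MEASUREMENT).cert);
  const swapped = { ...issued, publicKey: generateZCert(TRUSTED_MEASUREMENT).cert.publicKey };
  return {
    genuine: clientVerify(vault.publicKey, root, issued),
    swappedKey: clientVerify(vault.publicKey, root, swapped),
  };
}

console.log(demo());
```

The client result depends on three independent checks, so a certificate that carries a trusted measurement but was never signed by the Vault, or was never added to the root, is still rejected.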

All communication between ZCerted endpoints is end-to-end encrypted using ECDH/PGP-style handshakes — invisible even to relays and exits.


๐ŸŒ Why It Matters

ZCerts replace TLS certificates and domain authorities with something stronger and fairer: cryptographic truth.

  • No single company can revoke access.

  • Every service can prove its integrity.

  • Privacy and authenticity finally coexist.
