intro notes

docs/intro.md

@@ -2,12 +2,64 @@
 sidebar_position: 1
 ---
 
-# Cwtch Intro
+# What is Cwtch?
+
+Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app.
+
+* **Decentralized and Open**: There is no “Cwtch service” or “Cwtch network”. Participants in Cwtch can host their own safe spaces, or lend their infrastructure to others seeking a safe space. The Cwtch protocol is open, and anyone is free to build bots, services and user interfaces and integrate and interact with Cwtch.
+* **Privacy Preserving**: All communication in Cwtch is end-to-end encrypted and takes place over Tor v3 onion services.
+* **Metadata Resistant**: Cwtch has been designed such that no information is exchanged or available to anyone without their explicit consent, including on-the-wire messages and protocol metadata.
+
+
+
+** See also: [Create a profile](/docs/profiles/create-a-profile)**
+
+# Security, Encryption and Safety
+
+##  Identity, or What exactly is a Cwtch Profile?
+
+With Cwtch you can create one of more **Profiles**. Each profile generates a random ed25519 keypair compatible with
+the Tor Network. 
+
+This is the identifier that you can give out to people and that they can use to contact you via Cwtch
+
+##  Peer to Peer, 2-party Conversions
+
+![](/img/BASE_3.png)
+
+In order to chat with your friends in a peer-to-peer conversation both must be online.
+
+After a successful connection both parties engage in an **authentication protocol** which:
+
+* Asserts that each party has access to the private key associated with their public identity.
+* Generates an ephemeral session key used to encrypt all further communication during the session.
+
+This exchange (documented in further detail in [authentication protocol](https://docs.openprivacy.ca/cwtch-security-handbook/authentication_protocol.html)) is *offline deniable*
+i.e. it is possible for any party to forge transcripts of this protocol exchange after the fact, and as such - after the
+fact - it is impossible to definitely prove that the exchange happened at all.
+
+One the authentication process is successful then both you and your friend can communicate away assured that no one else
+can learn anything about the contents or the metadata if your conversation.
+
+## Offline Delivery via Untrusted Routing Servers, and Group Conversations
+
+**Note: Metadata Resistant Group Communication is still an active research area and what is documented here
+will likely change in the future.**
+
+**TODO: Expand**
+
+In many respects communication with a server is identical to communication with a regular Cwtch peer,
+all the authentication and encryption steps above are taken however the server always acts as the inbound peer, and the outbound
+peer always uses newly generated **ephemeral keypair** as their "longterm identity".
+
+As such, peer-server conversations only differ in the *kinds* of messages that are sent between the two parties,
+with the server relaying all messages that it receives and also allowing any client to query for older messages.
 
-Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messenging app.
 
 ## Getting Started
 
+
+
 ### Install
 
 Install on OS of choice:
@@ -16,8 +68,3 @@ Install on OS of choice:
 - Android
 - MacOS
 - Linux
-
-### Use
-
- **[Create a profile](/docs/profiles/create-a-profile)**
-