Trust model

Trust is earned, limited, and revocable.

RelayHub separates discovery, identity, capability, reachability, permission, policy, reputation, and trust so communities can connect without blindly trusting everything they can see.

Core rule

Nothing becomes trusted merely because it is visible.

RelayHub should help people and communities discover each other, but discovery must never automatically grant access, authority, endorsement, federation, marketplace visibility, gateway use, or administrative power.

Discovery is not trust

Finding a node, person, community, or service does not mean it is trusted, approved, safe, reachable, or permitted.

Reachability is not permission

A route existing through Reticulum or another transport does not mean communication, federation, marketplace access, or gateway use is allowed.

Identity is not reputation

An identity says who or what something claims to be. Reputation develops through behaviour, history, verification, and community experience.

Capability is not activation

A node may have hardware or software capability, but the feature still requires policy permission, trust permission, legal permission, runtime availability, and user enablement.

Trust states

Trust should have visible states.

People should be able to understand whether a peer, node, community, service, or federation is unknown, discovered, trusted, limited, quarantined, revoked, or restored.

Unknown, Discovered, Introduced, Paired, Trusted, Limited, Federated, Quarantined, Revoked, Restored

Community relationships

Trust is social before it is technical.

Technical identity can support trust, but it cannot replace judgement, relationships, accountability, demonstrated reliability, local knowledge, or community governance.

Household trust

A household may trust family members, devices, local users, and recovery contacts differently. These roles should not collapse into one universal permission.

Community trust

Communities may recognise members, stewards, operators, guests, vendors, developers, and neighbouring communities under different rules.

Federation trust

Federation should be voluntary, limited, reversible, and based on explicit agreements rather than accidental connectivity.

Trust principles

Trust should be practical, not mystical.

Trust should be explicit.

Trust should be understandable.

Trust should be revocable.

Trust should degrade safely.

Trust should be observable.

Trust should never be assumed from network proximity.

Trust should support human relationships rather than replace them.

Trust should remain subordinate to safety, recovery, legality, and policy.

Safe failure

Trust must degrade safely.

When trust is uncertain, expired, revoked, conflicting, or degraded, RelayHub should limit exposure, explain what changed, preserve recovery options, and avoid silently continuing risky behaviour.

Important boundary

RelayHub should not assume that LAN presence, Reticulum reachability, marketplace participation, federation membership, hardware ownership, or previous interaction creates unlimited trust.
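
The gates listed under "Capability is not activation" and the fail-closed behaviour under "Safe failure" can be expressed as one deny-by-default check. This is an added example, not RelayHub code: the Peer and FeatureGates records, the decide() function, the expiry field, and the set of states accepted for gateway use are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# The ten states named in the "Trust states" section.
TrustState = Enum("TrustState", "UNKNOWN DISCOVERED INTRODUCED PAIRED TRUSTED "
                  "LIMITED FEDERATED QUARANTINED REVOKED RESTORED")

@dataclass(frozen=True)
class Peer:                          # hypothetical record, not RelayHub's schema
    name: str
    state: TrustState
    trust_expires: Optional[float]   # epoch seconds; None means no trust record
    reachable: bool = False          # stored, but never consulted by decide()

@dataclass(frozen=True)
class FeatureGates:                  # the five conditions from "Capability is not activation"
    policy_permission: bool = False
    trust_permission: bool = False
    legal_permission: bool = False
    runtime_available: bool = False
    user_enabled: bool = False

def decide(peer, feature, gates, allowed_states, now):
    """Return (allowed, reasons). Deny by default and explain every refusal."""
    reasons = []
    if peer.state not in allowed_states:      # allowed_states is local policy (assumed)
        reasons.append(f"trust state {peer.state.name} is not accepted for {feature}")
    if peer.trust_expires is None:
        reasons.append("no trust record")
    elif peer.trust_expires <= now:
        reasons.append("trust record expired")
    reasons += [f"missing {gate}" for gate, ok in vars(gates).items() if not ok]
    return (not reasons, reasons)

# Constructed sample data.
NOW = 1_000_000.0
GATEWAY_STATES = {TrustState.TRUSTED, TrustState.FEDERATED}   # assumed policy
ALL_OK = FeatureGates(True, True, True, True, True)
visible = Peer("node-a", TrustState.DISCOVERED, None, reachable=True)
stale = Peer("node-b", TrustState.TRUSTED, NOW - 1)
current = Peer("node-c", TrustState.TRUSTED, NOW + 3600)

if __name__ == "__main__":
    for peer, gates in [(visible, ALL_OK), (stale, ALL_OK), (current, ALL_OK),
                        (current, FeatureGates(True, True, True, True, False))]:
        print(peer.name, decide(peer, "gateway", gates, GATEWAY_STATES, NOW))
```

The reachable but merely discovered peer is refused with its reasons listed, and an expired trust record blocks activation even when all five gates are satisfied.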