From 91ac51dd218b8e6d75a2f8ba772bc5c55475d340 Mon Sep 17 00:00:00 2001
From: Igor Sirotin <sirotin@status.im>
Date: Tue, 28 Apr 2026 21:45:15 +0100
Subject: [PATCH] suggest encryption

---
 standards/application/segmentation.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/standards/application/segmentation.md b/standards/application/segmentation.md
index 6fddbbb..f834330 100644
--- a/standards/application/segmentation.md
+++ b/standards/application/segmentation.md
@@ -187,8 +187,16 @@ Libraries **SHOULD** require only `segmentSize` from the application for normal
 ### Privacy
 
 `entire_message_hash` enables correlation of segments that belong to the same original message but does not reveal content.
+To prevent this correlation, applications **SHOULD** encrypt each segment after segmentation (see [Encryption](#encryption)).
 Traffic analysis may still identify segmented flows.
 
+### Encryption
+
+This specification does not provide confidentiality.
+Applications **SHOULD** encrypt each segment after segmentation
+(i.e., encrypt the serialized `SegmentMessageProto` prior to transmission),
+so that `entire_message_hash` and other identifying fields are not visible to observers.
+
 ### Integrity
 
 Implementations **MUST** verify the Keccak256 hash post-reconstruction and discard on mismatch.