If you discover a security flaw in the specification design (for example, a protocol weakness that could allow an attacker to obtain fraudulent Sovereignty Certificates), please report it responsibly.

For security-sensitive findings:

• Email: chair@sovcert.org
• Please do not file a public GitHub issue for security-sensitive findings
• Include a detailed description of the vulnerability and its potential impact
• We will acknowledge receipt within 5 business days

For non-sensitive security feedback (e.g., suggestions to strengthen the threat model, improve cryptographic recommendations, or add mitigations for new attack vectors):

• Use the standard Technical Issue template

This repository contains only the specification text. Security vulnerabilities in specific implementations of the Sovereignty Certificate specification should be reported to the maintainers of those implementations, not to this repository.