ZTLP is a Zero Trust Layer Protocol that provides cryptographic authentication, secure device-to-device communication, and protection against network-based attacks including DDoS. ZTLP authenticates peers before allocating network state, making unauthorized traffic cheap to reject and legitimate connectivity private by default.
A simpler view of the connection flow from enrollment to protected traffic.
Each device enrolls into the overlay and becomes addressable by identity instead of relying on exposed public network services.
Before traffic is accepted, ZTLP verifies that the peer holds a valid cryptographic identity, rejecting unauthorized packets before meaningful state is allocated.
Authenticated peers establish encrypted end-to-end sessions so devices can communicate privately across untrusted networks, NAT, and relay paths.
Once connected, traffic stays encrypted while ZTLP policies control which identities can reach which services and under what conditions.
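The flow above as an added, runnable toy model in Python (not ZTLP's own code): devices enroll as identities, a packet from an unknown or wrongly keyed peer is dropped before any per-peer state exists, and policy then decides which authenticated identity may reach which service. An HMAC over a per-device enrolled secret stands in for ZTLP's unspecified cryptographic identity scheme; the device names, secrets and services are constructed sample values.

```python
import hashlib
import hmac
import os

class Overlay:
    def __init__(self):
        self.enrolled = {}   # device_id -> secret: identity, not a public address
        self.sessions = {}   # per-peer state, allocated only after verification
        self.policy = {}     # device_id -> set of services it may reach
        self.rejected = 0    # packets dropped without allocating anything

    def enroll(self, device_id, secret):
        self.enrolled[device_id] = secret

    def allow(self, device_id, service):
        self.policy.setdefault(device_id, set()).add(service)

    def receive(self, packet):
        # packet = (device_id, nonce, tag), tag = HMAC(secret, device_id || nonce);
        # HMAC is an assumption standing in for ZTLP's real identity scheme (no replay tracking).
        device_id, nonce, tag = packet
        secret = self.enrolled.get(device_id)
        if secret is None:
            self.rejected += 1   # unknown identity: one dict miss, no state
            return False
        expected = hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.rejected += 1   # bad proof: dropped before any session exists
            return False
        self.sessions[device_id] = {"nonce": nonce}   # state is allocated only here
        return True

    def reach(self, device_id, service):
        return device_id in self.sessions and service in self.policy.get(device_id, set())

def make_packet(device_id, secret, nonce=None):
    nonce = nonce or os.urandom(16)
    tag = hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()
    return device_id, nonce, tag

def demo():
    net = Overlay()
    key = b"constructed-sensor-7-secret"   # constructed sample value
    net.enroll("sensor-7", key)
    net.allow("sensor-7", "telemetry")
    ok = net.receive(make_packet("sensor-7", key))
    wrong_key = net.receive(make_packet("sensor-7", b"not-the-enrolled-key"))
    unknown = net.receive(make_packet("rogue-device", b"anything"))
    return (ok, wrong_key, unknown, len(net.sessions), net.rejected,
            net.reach("sensor-7", "telemetry"), net.reach("sensor-7", "admin"))
```

An authenticated session is necessary but not sufficient: `reach` only returns true when policy also grants the identity that service.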
This is an open draft. Open an issue on GitHub to start a conversation.