Concepts

Conceptual explainers live here. Coming next:

The three planes — mint / projection / verification, and how certs flow between them.
Voucher format — the stackrunner trust voucher carrier (specs/v1/voucher-format.md).
CRL semantics — per-customer CRL distribution, refresh cadence, and why CRL DP URLs are HTTP.
Certificate profile — the per-tier leaf cert shape, KeyUsage / EKU policy, and SAN constraints.

In the meantime, source material lives in the repo under specs/v1/.