Design Philosophy

Trust Minimization

The primary design objective of Sovereign Stack is to create an application that DOES NOT rely on any trusted third party for operation. The focus is always on trust minimization. Bitcoin is an essential part in achieving this since it eliminates the need for trusted third parties in financial transactions.

Self Hosting

Eliminating third parties implies self-hosting all your back-end services and running those services on trusted hardware you own and control. Sovereign Stack is designed to be executed under these circumstances.

"The Cloud" is often a euphemism for "someone else's computer". Involving someone else in the execution of your Information System necessarily introduces a third party in your system architecture, and that represents the introduction of a security hole.

Existing Problems

There are several problem areas that Sovereign Stack seeks to avoid:


Sovereign Stack seeks to AVOID the use of Email (i.e., SMTP). There are several reasons for this including the lack of default confidentiality, complexity of the email stack, and vulnerability to unsolicited email and spam.

Due to the complexity of the protocol, many companies rely on a trusted third party for email infrastructure. Unfortunately, these email providers get hacked leaking PII.

In general you should instead use service endpoints for functionality (e.g., RSS, webcal, etc.) Ghost, the software that enables the website portion of Sovereign Stack, automatically maintains an RSS feed for clients to subscribe to. I generally recommend you configure your RSS reader to create OS notifications which link back to the website article.

The git repository has an associated RSS feed that keeps you informed of all changes.

Domain Name System (DNS)

At this time, Sovereign Stack relies on the Domain Name System (DNS) for public Sovereign Stack instances. This requires the use of a TPP.

The current public DNS unsatisfactory due to its hierarchical nature and the fact that it is censorship-prone. This is reflected in the fact that you need to have a relationship with a trusted third party (i.e., your DNS providers: Namecheap, GoDaddy, etc.)

The recommend mitigation(s) for using the public DNS includes

  • adding multiple DNS domains from multiple providers based in multiple jurisdictions,
  • exposing services as onion endpoints.
  • I'll also explore other DNS alternatives that anchor into Bitcoin.

Exchange Rate Providers

Integrating any monetary system besides Bitcoin is considered an anti-pattern since fiat monteary systems introduce a TPP and is vulnerable to inflation! Get used to using sats as your numeraire because exchange rates make the system slow and prone to error! Why? Because you have to ask a third party what the exchange rate is.