Document the purpose of dirid.c9r file

Closes #29

Author: infeo

source/security/architecture.rst

@@ -336,3 +336,25 @@ A vault containing several nodes with very long names might result in a cipherte
     ├─ masterkey.cryptomator
     ├─ masterkey.cryptomator.DFD9B248.bkup
     └─ vault.cryptomator
+
+
+.. _security/architecture/backup-directory-ids:
+
+Backup Directory IDs
+--------------------
+
+.. note::
+
+    This layer is optional and not required for a complete implementation of the Cryptomator Encryption Scheme.
+    It doesn't provide any additional security.
+    Its sole purpose is to increase data recoverability in case of missing or damaged directory files.
+
+By obfuscating the hierarchy of cleartext paths using ``dir.c9r`` files, which contain :ref:`directory IDs <security/architecture/directory-ids>`, the directory structure is more vulnerable to problems like incomplete synchronization or bit rotting.
+
+When a directory file is missing or damaged, the ``dirPath`` cannot be computed, which effectively makes the directory content inaccessible in the :ref:`virtual filesystem <security/architecture/virtual-filesystem>`.
+In theory, the contents of the encrypted content of these files can be recovered.
+But since the :ref:`filename encryption <security/architecture/filename-encryption>` is dependent on the directory ID of the parent folder, which is only stored in the directory file, names of all items (files, directories, or symlinks) are lost.
+
+To alleviate this issue, a backup directory file will be stored during the creation of a directory.
+Inside the ciphertext directory, a file named ``dirid.c9r`` will be created, which contains the directory ID of its parent folder.
+It is :ref:`encrypted <security/architecture/file-content-encryption>` like a regular ciphertext file.