Comments (4)
We should push some of this to the application layer in order to not introduce a new handshake message with problematic authenticity (agreement on the list of non-members who can sign handshake messages).
The server could publish an "intent to remove" that will be honored by the first client to come online.
The actual Remove HS message will be issued by a member of the group. It can additionally be attached to the server intent to remove, so that clients can convey more contextual information to users.
Example:
- Server issues the intent to remove Alice from the group.
- Bob comes online first after that and send a regular Remove HS message to remove Alice and links it to the sever intent.
- Other members of the group can now display "Alice was removed" instead of "Bob removed Alice" to the user.
In this example Bob is the first member to come online, but it could really be any other member.
This has the advantage that the protocol remains unaffected as such, while the desired behavior is still achieved.
from mls-protocol.
Discussion at interim 2019-01:
- Could do this as "server-instructed" vs. "server done"
- i.e., server instructs a client to do a remove
- But this causes some ambiguity w.r.t. the rest of the group
- The only difference between Remove and a server-initiated variant would be signature
- Other use cases:
- User deletes account
- User is no longer authorized to be in group
- Application would need to set policy about whether / when server-initiated actions would be allowed
from mls-protocol.
I'm assigning this to draft-04 under the theory that the signature changes that will come about as a result of #101 will make it straightforward to have an additional key for the server that can be used to sign Adds / Removes. If that doesn't turn out to be the case, this might get deferred.
from mls-protocol.
After discussion with @beurdouche and @raphaelrobert:
- There will be a need to signal that a non-member key is being used, e.g., with some reserved
sender
values - Do the participants in the group need to agree the set of allowed non-member signers? If some members accept a signer, others don't, then you can get partition
- -04 will focus on Remove, not Add, and punt on the agreement question; we assume the application maintains consistency of the view of authorized signers.
from mls-protocol.
Related Issues (20)
- Section 17.6
- Section 10.2 HOT 2
- Section 12 HOT 7
- Section 13.2 HOT 3
- Discuss metadata privacy HOT 3
- Section 15.3 HOT 2
- Citations to security analysis HOT 4
- Section 16.2 HOT 2
- Section 17.1 HOT 2
- Section 17.2 HOT 5
- Nits HOT 1
- Clarify that AS needs to see both signature key and credential
- Create an IANA registry for WireFormat values HOT 1
- Faster remove? HOT 24
- IANA considerations for signature labels? HOT 2
- Change log missing for -16 and -17
- Consider greasing your registries HOT 10
- Loosen chain requirements HOT 5
- Figure 14: "Derivation of ratchet tree keys along a direct path" don't correspond to the prose HOT 1
- Minor problem in transcript hash message formats HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mls-protocol.