status-im
/
specs
mirror of https://github.com/status-im/specs.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
specs/spec/11.html

4 lines
21 KiB
HTML
Raw Normal View History

Updates
2021-11-22 18:48:50 +00:00
<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <title>11/WAKU-MAILSERVER - Status Specification</title> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"> <link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Begin Jekyll SEO tag v2.7.1 --> <title>11/WAKU-MAILSERVER | Status Specification</title> <meta name="generator" content="Jekyll v4.2.1" /> <meta property="og:title" content="11/WAKU-MAILSERVER" /> <meta property="og:locale" content="en_US" /> <link rel="canonical" href="https://specs.status.im/spec/11" /> <meta property="og:url" content="https://specs.status.im/spec/11" /> <meta property="og:site_name" content="Status Specification" /> <meta name="twitter:card" content="summary" /> <meta property="twitter:title" content="11/WAKU-MAILSERVER" /> <script type="application/ld+json"> {"@type":"WebPage","url":"https://specs.status.im/spec/11","headline":"11/WAKU-MAILSERVER","@context":"https://schema.org"}</script> <!-- End Jekyll SEO tag --> </head> <body> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"> <title>Link</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"> <path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"> <title>Search</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"> <title>Menu</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"> <line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"> <title>Expand</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"> <polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbol id="svg-doc" viewBox="0 0 24 24"> <title>Document</title> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file"> <path d="M13 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V9z"></path><polyline points="13 2 13 9 20 9"></polyline> </svg> </symbol> </svg> <div class="side-bar"> <div class="site-header"> <a href="https://specs.status.im/" class="site-title lh-tight"> Status Specification </a> <a href="#" id="menu-button" class="site-button"> <svg viewBox="0 0 24 24" class="icon"><use xlink:href="#svg-menu"></use></svg> </a> </div> <nav role="navigation" aria-label="Main" id="site-nav" class="site-nav"> <ul class="nav-list"><li class="nav-list-item active"><a href="#" class="nav-list-expander"><svg viewBox="0 0 24 24"><use xlink:href="#svg-arrow-right"></use></svg></a><a href="https://specs.status.im/spec/" class="nav-list-link">Stable specs</a><ul class="nav-list "><li class="nav-list-item "><a href="https://specs.status.im/spec/1" class=
Updates
2021-11-18 08:23:29 +00:00
</code></pre></div></div> <p><code class="language-plaintext highlighter-rouge">Lower</code>: 4-byte wide unsigned integer (UNIX time in seconds; oldest requested envelopes creation time)<br /> <code class="language-plaintext highlighter-rouge">Upper</code>: 4-byte wide unsigned integer (UNIX time in seconds; newest requested envelopes creation time)<br /> <code class="language-plaintext highlighter-rouge">Bloom</code>: 64-byte wide array of Waku topics encoded in a bloom filter to filter envelopes<br /> <code class="language-plaintext highlighter-rouge">Limit</code>: 4-byte wide unsigned integer limiting the number of returned envelopes<br /> <code class="language-plaintext highlighter-rouge">Cursor</code>: an array of a cursor returned from the previous request (optional)</p> <p>The <code class="language-plaintext highlighter-rouge">Cursor</code> field SHOULD be filled in if a number of envelopes between <code class="language-plaintext highlighter-rouge">Lower</code> and <code class="language-plaintext highlighter-rouge">Upper</code> is greater than <code class="language-plaintext highlighter-rouge">Limit</code> so that the requester can send another request using the obtained <code class="language-plaintext highlighter-rouge">Cursor</code> value. What exactly is in the <code class="language-plaintext highlighter-rouge">Cursor</code> is up to the implementation. The requester SHOULD NOT use a <code class="language-plaintext highlighter-rouge">Cursor</code> obtained from one <code class="language-plaintext highlighter-rouge">Mailserver</code> in a request to another <code class="language-plaintext highlighter-rouge">Mailserver</code> because the format or the result MAY be different.</p> <p>The envelope MUST be encrypted with a symmetric key agreed between the requester and the <code class="language-plaintext highlighter-rouge">Mailserver</code>.</p> <h3 id="receiving-historic-messages"> <a href="#receiving-historic-messages" class="anchor-heading" aria-labelledby="receiving-historic-messages"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Receiving historic messages </h3> <p>Historic messages MUST be sent to a peer as a packet with a P2P Message code (<code class="language-plaintext highlighter-rouge">0x7f</code>) followed by an array of Waku envelopes.</p> <p>In order to receive historic messages from a <code class="language-plaintext highlighter-rouge">Mailserver</code>, a node MUST trust the selected <code class="language-plaintext highlighter-rouge">Mailserver</code>, that is allowed to send packets with the P2P Message code. By default, the node discards such packets.</p> <p>Received envelopes MUST be passed through the Waku envelope pipelines so that they are picked up by registered filters and passed to subscribers.</p> <p>For a requester, to know that all messages have been sent by a <code class="language-plaintext highlighter-rouge">Mailserver</code>, it SHOULD handle P2P Request Complete code (<code class="language-plaintext highlighter-rouge">0x7d</code>). This code is followed by the following parameters:</p> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ RequestID, LastEnvelopeHash, Cursor ]
</code></pre></div></div> <ul> <li><code class="language-plaintext highlighter-rouge">RequestID</code>: 32-byte wide array with a Keccak-256 hash of the envelope containing the original request</li> <li><code class="language-plaintext highlighter-rouge">LastEnvelopeHash</code>: 32-byte wide array with a Keccak-256 hash of the last sent envelope for the request</li> <li><code class="language-plaintext highlighter-rouge">Cursor</code>: an array of a cursor returned from the previous request (optional)</li> </ul> <p>If <code class="language-plaintext highlighter-rouge">Cursor</code> is not empty, it means that not all messages were sent due to the set <code class="language-plaintext highlighter-rouge">Limit</code> in the request. One or more consecutive requests MAY be sent with <code class="language-plaintext highlighter-rouge">Cursor</code> field filled in order to receive the rest of the messages.</p> <h2 id="security-considerations"> <a href="#security-considerations" class="anchor-heading" aria-labelledby="security-considerations"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Security considerations </h2> <h3 id="confidentiality"> <a href="#confidentiality" class="anchor-heading" aria-labelledby="confidentiality"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Confidentiality </h3> <p>The node encrypts all Waku envelopes. A <code class="language-plaintext highlighter-rouge">Mailserver</code> node can not inspect their contents.</p> <h3 id="altruistic-and-centralized-operator-risk"> <a href="#altruistic-and-centralized-operator-risk" class="anchor-heading" aria-labelledby="altruistic-and-centralized-operator-risk"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Altruistic and centralized operator risk </h3> <p>In order to be useful, a <code class="language-plaintext highlighter-rouge">Mailserver</code> SHOULD be online most of time. That means users either have to be a bit tech-savvy to run their own node, or rely on someone else to run it for them.</p> <p>Currently, one of Statuss legal entities provides <code class="language-plaintext highlighter-rouge">Mailservers</code> in an altruistic manner, but this is suboptimal from a decentralization, continuance and risk point of view. Coming up with a better system for this is ongoing research.</p> <p>A Status client SHOULD allow the <code class="language-plaintext highlighter-rouge">Mailserver</code> selection to be customizable.</p> <h3 id="privacy-concerns"> <a href="#privacy-concerns" class="anchor-heading" aria-labelledby="privacy-concerns"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Privacy concerns </h3> <p>In order to use a <code class="language-plaintext highlighter-rouge">Mailserver</code>, a given node needs to connect to it directly, i.e. add the <code class="language-plaintext highlighter-rouge">Mailserver</code> as its peer and mark it as trusted. This means that the <code class="language-plaintext highlighter-rouge">Mailserver</code> is able to send direct p2p messages to the node instead of broadcasting them. Effectively, it will have access to the bloom filter of topics that the user is interested in, when it is online as well as many metadata like IP address.</p> <h3 id="denial-of-service"> <a href="#denial-of-service" class="anchor-heading" aria-labelledby="denial-of-service"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Denial-of-service </h3> <p>Since a <code class="language-plaintext highlighter-rouge">Mailserver</code> is delivering expired envelopes and has a direct TCP connection with the recipient, the recipient is vulnerable to DoS attacks from a malicious <code class="language-plaintext highlighter-rouge">Mailserver</code> node.</p> <h2 id="changelog"> <a href="#changelog" class="anchor-heading" aria-labelledby="changelog"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> Changelog </h2> <h3 id=