Ethereum empowers users and developers to interact with totally new kind of applications called Dapps (Decentralized applications). These application allows to interact with the blockchain on a completely new level which is not only about exchanging values but also executing arbitrary logic. This logic can form very sophisticated programs like DAOs (Decentralized autonomous organizations). The missing part here is how users of Dapps can communicate securely and in a decentralized way with each other. Communication is an essential part of any activity. In this document, we specify a secure and decentralized messaging protocol, onwards called Status Protocol, that is capable of running on the Ethereum network.
**TODO: This needs some tweaking, as it was taken from https://github.com/status-im/swarms/blob/master/ideas/311-status-protocol.md which also includes how to work, as opposed to how the prinicples apply technically**
One way of looking at our protocol stack is as a reflection of our principles. While this isn't always true in practice right now, this is what we are aiming for, and also what we want to see in future specification proposals.
The protocol should be a reflection of our principles.
I. Liberty - enable sovereignty of individuals with things like key management, as well as economic freedom, etc, by enabling transaction of funds and socio-economic coordination between small groups of people. This also includes being coercion resistant, and not forcing updates on people.
II. Censorship resistance - enable censorship resistance through things like pluggable transports, as well as being agnostic to the information being transported.
III. Security - use state-of-the-art technologies, and research new security methods and technologies to make strong security guarantees.
IV. Privacy - protect privacy in communication and transactions, and strive to provide right to total anonymity.
V. Transparency - be open about what we are doing, allow community contributions and be clear about trade-offs.
VI. Openness - specification is open and under a permissive license.
VII. Decentralization - p2p network, maximizing number of computers/humans who can control and use the protocol we are building.
VIII. Inclusivity - easy to use our protocols, as well as working towards interopability with other protocols, and educating users.
IX. Continuance - network should be incentivized to continue on its own.
X. Resourcefulness - work with other teams to avoid duplication of effort, study prior work deeply to minimize wasted and duplicate effort.
In the following sections we will elaborate more on these.
The Status Protocol stack consists of multiple protocols at multiple levels. In this document, we give a brief overview of each layer and what they provide. We also note any specific considerations when it comes to using these components together.
Data layer specifies a format of payloads exchanged between clients communicating using the Status Protocol. The robust and well-defined format is required in order to provide some security guarantees, for example, client should not display messages that do not conform to the format, and allow the clients to upgrade the protocol safely in the future.
Authentication means that each participant in the conversation receives a proof of possession of a known long-term secret from all other participants. In addition, each participant is able to verify that a message was sent from the claimed source.
This assumes trust has already been established. Initial trust establishment is detailed in [Initial Trust Establishment Specification](x5.md).
Forward secrecy, known also as perfect forwardsecrecy (PFS), gives assurance that session keys will not be compromised even if the private key is compromised. Also, compromising one session key will not result in compromising other sessions.
Note: The Status Procol can work with PFS enabled and disabled. In the case of disabled PFS, the encryption is moved to the Privacy Layer and handled by Whisper. Whisper does **not** provide forward secrecy. This is a flaw of the original design which mixes security and private layer responsibilities. With PFS enabled, a message is encrypted twice.
The purpose of the transport privacy layer is to hide metadata (provide darkness) that are always sent when communicating over the internet. In some cases, leaked metadata might be as dangerous as leaking the actual payload so it's important to reduce that.
The Status Protocol uses [Whisper in version 6](https://github.com/ethereum/wiki/wiki/Whisper) as a privacy protection protocol. Whisper routes messages by broadcasting them to all connected peers so that identifying of the recipient is almost impossible (the sender is not equally protected, though). [Read more](https://github.com/ethereum/go-ethereum/wiki/Achieving-Darkness) about how Whisper achieves darkness.
Note: there is one more cross-layer dependency in the Status Protocol between the privacy and data layers. Whisper uses topics to reduce traffic and preliminarily filter out messages. However, selecting a topic depends on the type of the message that is a topic for 1-1 chat will be different from a topic for a public chat.
P2P layer allows various clients to securely communicate with each other through the internet in a decetralized fashion, envetually forming a peer-to-peer network. Due to our close relationship to Ethereum and the fact that Whisper is built on top of [devp2p](https://github.com/ethereum/devp2p), we use [devp2p](https://github.com/ethereum/devp2p) as a P2P layer.
A client in order to rely a message needs to first find other clients (this process is called node discovery and is out of scope of this specification) within the peer-to-peer network. Then, the message needs to be properly routed handling obstacles like NAT traversal. All these things are handled by devp2p.
In the next version of the protocol, we will try to remove these dependencies so that all layers are orthogonal and if necessary there is a clean interface between one and another.
