From 8f81663f3ebbaa9201d605a1bfffe1853f729179 Mon Sep 17 00:00:00 2001 From: Pedro Pombeiro Date: Mon, 2 Sep 2019 14:34:48 +0200 Subject: [PATCH 01/11] Add description of integrity in design requirements --- status-secure-transport-spec.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/status-secure-transport-spec.md b/status-secure-transport-spec.md index 0cde88d..4ff1e8b 100644 --- a/status-secure-transport-spec.md +++ b/status-secure-transport-spec.md @@ -46,8 +46,8 @@ In this document we describe how a secure channel is established, and how variou - **Confidentiality**: The adversary should not be able to learn what data is being exchanged between two Status clients. - **Authenticity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data from any third party as though it came from the other endpoint. - **Forward Secrecy**: The adversary should not be able to learn what data was exchanged between two Status clients if, at some later time, the adversary compromises one or both of the endpoint devices. +- **Integrity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data to accept data that has been tampered with. - ### Conventions 
@@ -285,7 +285,7 @@ TODO: description here > No honest party will accept a message that has been modified in transit. - Yes. -- Assuming a user validates (TODO: Check this assumption) every message they are able to decrypt and validates its signature from the sender, then it is not able to be altered in transit. +- Assuming a user validates (TODO: Check this assumption) every message they are able to decrypt and validate its signature from the sender, then it is not able to be altered in transit. * [igorm] i'm really not sure about it, Whisper provides a signature, but I'm not sure we check it anywhere (simple grepping didn't give anything) * [andrea] Whisper checks the signature and a public key is derived from it, we check the public key is a meaningful public key. The pk itself is not in the content of the message for public chats/1-to-1 so potentially you could send a message from a random account without having access to the private key, but that would not be much of a deal, as you might just as easily create a random account) @@ -356,7 +356,7 @@ TODO: Verify if this can be done already by looking at Lamport clock difference #### Message Unlinkability (NO) > If a judge is convinced that a participant authored one message in the conversation, this does not provide evidence that they authored other messages -- Currently, the Status software signs every messages sent with the user's public key, thus making it no able to give unlinkability. +- Currently, the Status software signs every messages sent with the user's public key, thus making it unable to provide unlinkability. - This is not necessary though, and could be built in to have an option to not sign. - Side note: moot account allows for this but is a function of the anonymity set that uses it. The more people that use this account the stronger the unlinkability. 
@@ -390,7 +390,7 @@ TODO: Verify if this can be done already by looking at Lamport clock difference - Accept invitation to group - Leave group - Non-Members: - - Invited by admins show up as "invited" in group; this leaks contacat information + - Invited by admins show up as "invited" in group; this leaks contact information - Invited people don't opt-in to being invited TODO: Group chat dynamics should have a documented state diagram From 43c9c6b167a951f03fd3e87ff4b9c7a331a3510f Mon Sep 17 00:00:00 2001 From: kdeme Date: Fri, 6 Sep 2019 15:49:35 +0200 Subject: [PATCH 02/11] Minor fixes and typo corrections --- status-secure-transport-spec.md | 2 ++ status-whisper-usage-spec.md | 23 ++++++++++++----------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/status-secure-transport-spec.md b/status-secure-transport-spec.md index 0cde88d..6f1ecc7 100644 --- a/status-secure-transport-spec.md +++ b/status-secure-transport-spec.md @@ -84,6 +84,8 @@ Furthermore, Status uses the concept of prekeys (through the use of [X3DH](https Status uses the following cryptographic primitives: - Whisper - AES-256-GCM + - ECIES + - ECDSA - KECCAK-256 - X3DH - Elliptic curve Diffie-Hellman key exchange (secp256k1) diff --git a/status-whisper-usage-spec.md b/status-whisper-usage-spec.md index cabbec5..ea70f1b 100644 --- a/status-whisper-usage-spec.md +++ b/status-whisper-usage-spec.md 
@@ -122,10 +122,10 @@ There is some tight coupling between the payload and Whisper: ## Whisper node configuration -If you want to run a Whisper node and receive messages from Status clients, it must be properly cnofigured. +If you want to run a Whisper node and receive messages from Status clients, it must be properly configured. Whisper's Proof Of Work algorithm is used to deter denial of service and various spam/flood attacks against the Whisper network. The sender of a message must perform some work which in this case means processing time. Because Status' main client is a mobile client, this easily leads to battery draining and poor performance of the app itself. Hence, all clients MUST use the following Whisper node settings: -* proof-of-work not larger than `0.002` +* proof-of-work requirement not larger than `0.002` * time-to-live not lower than `10` (in seconds) @@ -135,10 +135,11 @@ Whisper's Proof Of Work algorithm is used to deter denial of service and various ## Keys management The protocol requires a key (symmetric or asymmetric) for the following actions: -* signing a message (a private key) -* decrypting received messages (a private key or symmetric key). +* signing & verifying messages (asymmetric key) +* encrypting & decrypting messages (asymmetric or symmetric key). -As private keys and symmetric keys are required to process incoming messages, they must be available all the time and are stored in memory. +As asymmetric keys and symmetric keys are required to process incoming messages, +they must be available all the time and are stored in memory. Keys management for PFS is described in [Perfect forward secrecy section](#perfect-forward-secrecy-pfs). 
@@ -205,7 +206,7 @@ As not all messages are encrypted with PFS, a following strategy MAY be used: 2. Try to decrypt the message payload using PFS algorithm 2.1. If successful, pass the decrypted value to (3) 2.2. If failed, pass the unchanged payload to (3) -3. Decode the payload as described in [Paylooad](#payload) section +3. Decode the payload as described in [Payloads](https://github.com/status-im/specs/blob/master/status-payloads-spec.md) specification TODO: link to a separate document (currently in the PR). @@ -232,7 +233,7 @@ Sending a message is fairly easy and relies on the Whisper RPC API, however, som 4. `topic` MUST be set accordingly to [Topic](#topic) section and hex-encoded 5. `payload` MUST be a hex-encoded string 6. `powTime` MAY be arbitrary but should be enough to perform proof-of-work - 7. `powTarget` MUST be equal or lower than `0.002`. + 7. `powTarget` MUST be equal or higher than `0.002`. Note: these instructions are for the Whisper V6 RPC API. If you use Whisper service directly or Go `shhclient`, the parameters might have different types. @@ -249,7 +250,7 @@ Receiving private messages depends on Whisper filters idea. Upon receiving, mess 1. Add your private key to Whisper using [`shh_addPrivateKey`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_addprivatekey) and save the result as `sigKeyID` 2. Call [`shh_subscribe`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_subscribe) with criteria: - 1. `minPow` MUST be at least `0.002` + 1. `minPow` MAY be at least `0.002` 2. `topics` MUST be list of hex-encoded topics you expect messages to receive from (follow [Topic](#topic) section) 3. `allowP2P` MUST be set to `true` if offline messages are supported, otherwise can be `false`. 
@@ -261,7 +262,7 @@ Learn more following [Whisper V6 RPC API](https://github.com/ethereum/go-ethereu Public messages are encrypted with a symmetric key which is publicly known so anyone can participate in the conversation. -The fact that anyone can participate makes the public chats voulnerable to spam attacks. Also, there are no moderators of these chats. +The fact that anyone can participate makes the public chats vulnerable to spam attacks. Also, there are no moderators of these chats. ## Sending @@ -273,7 +274,7 @@ The fact that anyone can participate makes the public chats voulnerable to spam 4. `topic` MUST be set accordingly to [Topic](#topic) section and hex-encoded, 5. `payload` MUST be a hex-encoded string, 6. `powTime` MAY be arbitrary but should be enough to perform proof-of-work - 7. `powTarget` MUST be equal or lower than `0.002`. + 7. `powTarget` MUST be equal or higher than `0.002`. Learn more following [Whisper V6 RPC API](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API). @@ -283,7 +284,7 @@ Receiving public messages depends on Whisper filters idea. Upon receiving, messa 1. Calculate a symmetric key using [`shh_generateSymKeyFromPassword`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_generatesymkeyfrompassword) passing public chat name as a string and save the result to `symKeyID` 2. Call [`shh_subscribe`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_subscribe) with criteria: - 1. `minPow` MUST be at least `0.002` + 1. `minPow` MAY be at least `0.002` 2. `topics` MUST be list of hex-encoded topics you expect messages to receive from (follow [Topic](#topic) section) 3. `allowP2P` MUST be set to `true` if offline messages are supported, otherwise can be `false`. From 379731cda5cccb741fcbb2293d2ad6baeadf9d0c Mon Sep 17 00:00:00 2001 
From: Andrea Maria Piana Date: Mon, 9 Sep 2019 10:13:29 +0200 Subject: [PATCH 03/11] Add payload specs --- status-group-chats-spec.md | 1 + status-payloads-spec.md | 164 ++++++++++++++++++++++++++----------- 2 files changed, 119 insertions(+), 46 deletions(-) create mode 100644 status-group-chats-spec.md diff --git a/status-group-chats-spec.md b/status-group-chats-spec.md new file mode 100644 index 0000000..463d4a3 --- /dev/null +++ b/status-group-chats-spec.md @@ -0,0 +1 @@ +# Group chat specs diff --git a/status-payloads-spec.md b/status-payloads-spec.md index cfc641c..13a3fc6 100644 --- a/status-payloads-spec.md +++ b/status-payloads-spec.md @@ -21,12 +21,23 @@ as various clients created using different technologies. - [Introduction](#introduction) - [Payload wrapper](#payload-wrapper) - [Encoding](#encoding) - - [Message](#message) - - [Payload](#payload) - - [Content types](#content-types) - - [Message types](#message-types) - - [Clock vs Timestamp and message ordering](#clock-vs-timestamp-and-message-ordering) - - [Chats](#chats) + - [Types of Messages] (#types-of-messages) + - [Message](#message) + - [Payload](#payload) + - [Content types](#content-types) + - [Message types](#message-types) + - [Clock vs Timestamp and message ordering](#clock-vs-timestamp-and-message-ordering) + - [Chats](#chats) + - [Contact requests](#contact-requests) + - [Payload] (#payload) + - [Contact update] (#contact-update) + - [Handling contact messages] (#handling-contact-messages) + - [SyncInstallation](#sync-installation) + - [Payload](#payload) + - [PairInstallation](#pair-installation) + - [Payload](#payload) + - [GroupMembershipUpdate](#group-membership-update) + - [Payload](#payload) - [Upgradability](#upgradability) - [Security Considerations](#security-considerations) - [Design rationale](#design-rationale) 
@@ -56,43 +67,28 @@ If a signature is not present but an author is provided by a layer below, the me The payload is encoded using [Transit format](https://github.com/cognitect/transit-format). Transit was chosen over JSON in order to reduce the bandwidth. -Example of a valid encoded payload: +## Types of messages -``` -["~#c4",["abc123","text/plain","~:public-group-user-message",154593077368201,1545930773682,["^ ","~:chat-id","testing-adamb","~:text","abc123"]]] -``` +### Message -The message is an array and each index value has its meaning: -* 0: `c4` is a decoder handler identification for the current payload format. Identifications allow to register handlers for many different types of payload -* 1: array which items correspond to the described payload fields above +The type `Message` represents a text message exchanged between clients and is identified by the transit tag `c4`. -For more details regarding serialization and deserialization please consult [transit format](https://github.com/cognitect/transit-format) specification. - - - -## Message - -The type `Message` represents a text message exchanged between clients. 
- - - -### Payload +#### Payload Payload is a struct (a compound data type) with the following fields (order is important): -| Field | Name | Type | -| ----- | ---- | ---- | -| 1 | text | `string` | -| 2 | content type | `enum` (more in [Content types](#content-types)) | -| 3 | message type | `enum` (more in [Message types](#message-types)) | -| 4 | clock | `int64` | -| 5 | timestamp | `int64` | -| 6 | content | `struct { chat-id string, text string }` | +| Field | Name | Type | Description | +| ----- | ---- | ---- | ---- | +| 1 | text | `string` | The text version of the message content | +| 2 | content type | `enum` (more in [Content types](#content-types)) | See details | +| 3 | message type | `enum` (more in [Message types](#message-types)) | See details | +| 4 | clock | `int64` | See details | +| 5 | timestamp | `int64` | See details | +| 6 | content | `struct { chat-id string, text string, response-to string }` | The chat-id of the chat this message is destined to, the text of the content and optionally the id of the message it is responding to| -### Content types +#### Content types Content types are required for a proper interpretation of incoming messages. Not each message is a plain text but may carry a different information. @@ -110,7 +106,7 @@ These are currently underspecified. We refer to real-world implementations for c -### Message types +#### Message types Message types are required to decide how a particular message is encrypted and what metadata needs to be attached when passing a message to the transport layer. For more on this, see [Status Whisper Usage Specification](./status-whisper-usage-spec.md). 
@@ -122,19 +118,15 @@ The following messages types MUST be supported: * `user-message` is a private message * `group-user-message` is a message to the private group. -### Clock vs Timestamp and message ordering +#### Clock vs Timestamp and message ordering -`timestamp` MUST be Unix time calculated when the message is created. Because the peers in the Whisper network should have synchronized time, `timestamp` values should be fairly accurate among all Whisper network participants. +`timestamp` MUST be Unix time calculated when the message is created in milliseconds. This field SHOULD not be relied upon for message ordering. `clock` SHOULD be calculated using the algorithm of [Lamport timestamps](https://en.wikipedia.org/wiki/Lamport_timestamps). When there are messages available in a chat, `clock`'s value is calculated based on the last received message in a particular chat: `last-message-clock-value + 1`. If there are no messages, `clock` is initialized with `timestamp * 100`'s value. `clock` value is used for the message ordering. Due to the used algorithm and distributed nature of the system, we achieve casual ordering which might produce counterintuitive results in some edge cases. For example, when one joins a public chat and sends a message before receiving the exist messages, their message `clock` value might be lower and the message will end up in the past when the historical messages are fetched. - - -## Chats - +#### Chats Chat is a structure that helps organize messages. It's usually desired to display messages only from a single recipient or a group of recipients at a time and chats help to achieve that. 
@@ -149,10 +141,91 @@ All incoming messages can be matched against a chat. Below you can find a table +### Contact Requests + +These messages are used to notify the receiving end that it has been added to the sender's contact. They are identified by the transit tags `c2`, `c3`, `c4` respectively, but they are all interchangeable, meaning a client SHOULD handle them in exactly the same way. + +#### Payload + +Payload is a struct (a compound data type) with the following fields (order is important): + + +| Field | Name | Type | Description | +| ----- | ---- | ---- | ---- | +| 1 | name | `string` | The self-assigned name of the user (DEPRECATED) | +| 2 | profile image | `string` | The base64 encoded profile picture of the user | +| 3 | address | `string` | The ethereum address of the user | +| 4 | fcm-token | `string` | The FCM Token used by mobile devices for push notifications (DEPRECATED) | +| 5 | device-info | `[struct { id string, fcm-token string }]` | A list of pair `installation-id`, `fcm-token` for each device that is currently paired | + +#### Contact update + +A client SHOULD send a `ContactUpdate` to all the contacts each time: + +- The name is edited +- The profile image is edited +- A new device has been paired + +A client SHOULD also periodically send a `ContactUpdate` to all the contacts, the interval is up to the client. + + +#### Handling contact messages + +A client SHOULD handle any `Contact*` message in the same way. Any `Contact*` message with a whisper timestamp lower than the last one processed MUST be discarded. + +### SyncInstallation + +`SyncInstallation` messages are used to synchronize in a best-effort way all the paired installations. 
It is identified by a transit tag of `p1` + +#### Payload + +Payload is a struct (a compound data type) with the following fields (order is important): + + +| Field | Name | Type | Description | +| ----- | ---- | ---- | ---- | +| 1| contacts | `[struct { name string last-updated int device-info struct {id string fcm-token string } pending? bool}` | An array of contacts | +| 2 | account | `struct {name string photo-path string last-updated int}` | Information about your own account | +| 3 | chat | `struct {:public? bool :chat-id string}` | A description of a public chat opened by the client | + +### PairInstallation + +`PairInstallation` messages are used to propagate informations about a device to its paired devices. It is identified by a transit tag of `p2` + +#### Payload + +Payload is a struct (a compound data type) with the following fields (order is important): + + +| Field | Name | Type | Description | +| ----- | ---- | ---- | ---- | +| 1| installation-id | `string` | A randomly generated id that identifies this device | +| 2 | device-type | `string` | The OS of the device `ios`,`android` or `desktop` | +| 3 | name | `string` | The self-assigned name of the device | +| 4 | fcm-token | `string` | The FCM Token used by mobile devices for push notifications | + +### GroupMembershipUpdate + +`GroupMembershipUpdate` is a message used to propagate information about group membership changes in a group chat.. It is identified by a transit tag of `g5`. 
+The details are in the [Group chats specs](status-group-chats-spec.md) + +#### Payload + +Payload is a struct (a compound data type) with the following fields (order is important): + + +| Field | Name | Type | Description | +| ----- | ---- | ---- | ---- | +| 1| chat-id | `string` | The chat id of the chat where the change is to take place | +| 2 | membership-updates | See details | A list of events that describe the membership changes | +| 3 | message | `Transit message` | An optional message, described in [Message](#message) | + ## Upgradability -The current protocol format is hardly upgradable without breaking backward compatibility. Because Transit is used in this particular way described above, the only reliable option is to append a new field to the Transit record definition. It will be simply ignored by the old clients. - +There are two ways to upgrade the protocol without breaking compatibility: + +- Map fields can be enriched with a new key, which will be ignored by old clients. +- An element can be appended to the `Transit` array, which will also be ignored by old clients. ## Security Considerations @@ -162,5 +235,4 @@ TBD. ### Why are you using Transit and Protobuf? -Transit was initially chose for encoding, and Protobuf was added afterwards. This is partly due to the history of the protocol living inside of `status-react`, which is written in Clojurescript. In future versions of payload and data sync client specifications it is likely we'll move towards Protobuf only. See e.g. [Dasy](https://github.com/vacp2p/dasy) for a research proof of concept. - +Transit was initially chose for encoding, and Protobuf was added afterwards. This is partly due to the history of the protocol living inside of `status-react`, which is written in Clojurescript. From 90e0428703bd8958fe12bfe833629252c527fd9a Mon Sep 17 00:00:00 2001 
From: Andrea Maria Piana Date: Mon, 9 Sep 2019 13:36:31 +0200 Subject: [PATCH 04/11] add group chat specs --- status-group-chats-spec.md | 203 ++++++++++++++++++++++++++++++++++++- 1 file changed, 202 insertions(+), 1 deletion(-) diff --git a/status-group-chats-spec.md b/status-group-chats-spec.md index 463d4a3..b8694aa 100644 --- a/status-group-chats-spec.md +++ b/status-group-chats-spec.md 
@@ -1 +1,202 @@ -# Group chat specs +# Status Group Chat Specification + +> Version: 0.1 (Draft) +> +> Authors: Andrea Maria Piana +> + + +## Table of Contents + +- [Abstract](#abstract) +- [Membership updates](#membership-updates) + - [Chat ID](#chat-id) + - [Signature](#signature) + - [Group membership event](#group-membership-event) + - [chat-created](#chat-created) + - [name-changed](#name-changed) + - [members-added](#members-added) + - [members-joined](#members-joined) + - [admins-added](#admins-added) + - [members-removed](#members-removed) + - [admin-removed](#admin-removed) + + +## Abstract + +This documents describes the group chat protocol used by the status application. Pairwise encryption is used among member so a message is exchanged between each participants, similarly to a one-to-one message. + +## Membership updates + +Membership updates messages are used to propagate group chat membership changes. The transit format is described in the [Status Payload Specs](status-payload-specs.md). Here we will be describing each specific field. + +The format is: + +``` +{ + "events": [], + "signature": string, + "chat-id": string +} +``` + +### Chat ID + +Each membership update MUST be sent with a corresponding `chat-id`. +The format of this chat id MUST be a string, [UUID](https://tools.ietf.org/html/rfc4122 ), concatenated with the hex-encoded public key of the creator of the chat. This chat-id MUST be validated by all clients, and should be discarded if it does not follow these rules. + +### Signature + +The signature for each event is calculated by creating a JSON array of all the `events` sorted by `clock-value` in ascending order, where each event is transformed in an array of tuples `field-name`, `value`. The last element of the array MUST be the `chat-id`. 
+ +For example the event: + +``` + { + "chat-id": "chat-id", + "events": [ + {"b": "b-value" + "clock-value": 1, + "a": "a-value" + }, + { + "e": "e-value", + "clock-value": 0, + "a": "a-value" + } + ] + } + +``` + +Results in the structure: + +``` + [ + [ + [ + ["a" "a-value"], + ["clock-value", 0], + ["e" "e-value"] + ], + [ + ["a", "a-value"], + ["b", "b-value"], + ["clock-value", 1] + ] + ], + "chat-id" + ] +``` + +This structure is then stringified and the `Keccak256` of the string is then signed using its private key by the author and added to the payload. + + +### Group membership event + +Any group membership event receive MUST be verified using by calculating the signature as in the method described above, and the author MUST be extracted from it, if the verification fails the event MUST be discarded. + +#### chat-created + +``` +{ + "type": "chat-created", + "name": string + "clock-value": uint +} +``` + + +Chat created event is the first event that needs to be sent. Any event with a clock value lower then this MUST be discarded. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates and create a chat with identified by `chat-id` and named `name`. + +#### name-changed + +``` +{ + "type": "name-changed" + "name": string + "clock-value": uint +} +``` + +A name changed event is used by admins to change the name of the group chat. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates and MUST ensure the author of the event is an admin of the chat, otherwise the event MUST be ignored. +If the event is valid the chat name SHOULD be changed to `name`. + + +#### members-added + +``` +{ + "type": "members-added" + "members": [string] + "clock-value": uint +} +``` + +A members added event is used by admins to add members to the chat. 
+Upon receiving this event a client MUST validate the `chat-id` provided with the updates and MUST ensure the author of the event is an admin of the chat, otherwise the event MUST be ignored. +If the event is valid a client SHOULD update the list of members of the chat who have not joined, adding the `members` received. +`members` is an array of hex encoded public keys. + +#### member-joined + +``` +{ + "type": "member-joined" + "member": string + "clock-value": uint +} +``` + +A members joined event is used by a member of the chat to signal that they want to start receiving messages from this chat. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates and MUST ensure the author of the event is the same as the one specified by the `member` field. +If the event is valid a client SHOULD update the list of members of the chat who joined, adding `member`. Any `message` sent to the group chat should now include the newly joined member. + +#### admins-added + +``` +{ + "type": "admins-added" + "members": [string] + "clock-value": uint +} +``` + +An admins added event is used by admins to add make other admins in the chat. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates, MUST ensure the author of the event is an admin of the chat and MUST ensure all `members` are already `members` of the chat, otherwise the event MUST be ignored. +If the event is valid a client SHOULD update the list of admins of the chat, adding the `members` received. +`members` is an array of hex encoded public keys. + +#### member-removed + +``` +{ + "type": "member-removed" + "member": string + "clock-value": uint +} +``` + +A member-removed event is used to leave or kick members of the chat. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates, MUST ensure that: +- If the author of the event is an admin, target can only be themselves or a non-admin member. 
+- If the author of the event is not an admin, the target of the event can only be themselves. +- +If the event is valid a client SHOULD remove the member from the list of `members`/`admins` of the chat, and no further message should be sent to them. + +#### admin-removed + +``` +{ + "type": "admin-removed" + "member": string + "clock-value": uint +} +``` + +An admin-removed event is used to drop admin privileges. +Upon receiving this event a client MUST validate the `chat-id` provided with the updates, MUST ensure that the author of the event is also the target of the event. + +If the event is valid a client SHOULD remove the member from the list of `admins` of the chat. From a5b69f1cb59f374de4d481b421124a85b1a65984 Mon Sep 17 00:00:00 2001 From: Adam Babik Date: Tue, 10 Sep 2019 08:21:00 +0200 Subject: [PATCH 05/11] clarify mailserver spec --- status-whisper-mailserver-spec.md | 63 +++++++++++++------------------ 1 file changed, 27 insertions(+), 36 deletions(-) diff --git a/status-whisper-mailserver-spec.md b/status-whisper-mailserver-spec.md index 15e0dbd..366e279 100644 --- a/status-whisper-mailserver-spec.md +++ b/status-whisper-mailserver-spec.md 
@@ -3,63 +3,54 @@ > > Authors: Adam Babik , Oskar Thorén (alphabetical order) +- [Status Whisper Mailserver Specification](#status-whisper-mailserver-specification) + - [Abstract](#abstract) + - [Mailserver](#mailserver) + - [Archiving messages](#archiving-messages) + - [Delivering messages](#delivering-messages) + - [Security considerations](#security-considerations) + - [Confidentiality](#confidentiality) + - [Altruistic and centralized operator risk](#altruistic-and-centralized-operator-risk) + - [Privacy concerns](#privacy-concerns) + - [Denial-of-service](#denial-of-service) + ## Abstract -Status clients are often offline. In order to allow clients to talk to each other while one is offline, we provide offline inboxing. +Being mostly offline is an intrinsic property of mobile clients. They need to save network transfer and battery consumption to avoid spending too much money or constant charging. Whisper protocol, on the other hand, is an online protocol. Messages are available in the Whisper network only for short period of time calculate in seconds. -This current specification is an extension of Whisper v6 and operates under a store-and-forward model. - -## Table of Contents - -TBD. - -## Introduction - -In the case of mobile clients which are often offline, there is a strong need to have an ability to download offline messages. By offline messages, we mean messages sent into the Whisper network and expired before being collected by the recipient. A message stays in the Whisper network for a duration specified as `TTL` (time-to-live) property. - -See [EIP-627](https://eips.ethereum.org/EIPS/eip-627) for more detail on *Whisper Mail Server* and *Whisper Mail Client*. +Whisper Mailserver is a Whisper extension that allows to store messages permamently and deliver them to the clients even though they are already not available in the network and expired. ## Mailserver -A mailserver can either be running as a server or as a client. 
+From the network perspective, Mailserver is just like any other Whisper node. The only different is that it has a capability of archiving messages and delivering them to its peers on-demand. -Since Whisper is a form of DHT, a mailserver only requires a specific relationship with the receiver of a message, not with the sender of a message. +It is important to notice that Mailserver will only handle requests from its direct peers and exchanged packets between Mailserver and a peer are p2p messages. -### Server +### Archiving messages - +In order to store messages, one MUST implement the interface below and MUST register it within a Whisper service. The only known Whisper implementation that allows that is [geth](https://github.com/ethereum/go-ethereum). -`MailServer` is an interface with two methods: +`MailServer` interface consist of: * `Archive(env *Envelope)` * `DeliverMail(whisperPeer *Peer, request *Envelope)` -### Client +### Delivering messages -A Whisper client needs to register a mail server instance which will be used by [geth's Whisper service](https://github.com/ethereum/go-ethereum/blob/v1.8.23/whisper/whisperv6/whisper.go#L209-L213). +Mailserver delivers archieved messages to a peer after receiving a Whisper packet with code `p2pRequestCode`. Messages are delivered asynchronously, i.e. a requester sends a Whisper packet with code `p2pRequestCode` and at some point later, it will start receiving Whisper packets with code `p2pMessageCode`. -If a mail server is registered for a given Whisper client, it will save all incoming messages on a local disk (this is the simplest implementation, it can store the messages wherever it wants, also using technologies like swarm and IPFS) in the background. +How a peer can initialize the request to a Mailserver is up to the implementator. Status peers acting as Mailserver expose two additional JSON-RPC methods: `shhext_requestMessages` and `shh_requestMessagesSync`. 
-Notice that each node is meant to be independent and SHOULD keep a copy of all historic messages. High Availability (HA) can be achieved by having multiple nodes in different locations. Additionally, each node is free to store messages in a way which provides storage HA as well. - -Saved messages are delivered to a requester (another Whisper peer) asynchronously as a response to `p2pMessageCode` message code. This is not exposed as a JSON-RPC method in `shh` namespace but it's exposed in status-go as `shhext_requestMessages` and blocking `shh_requestMessagesSync`. Read more about [Whisper V6 extensions](#whisper-v6-extensions-or-status-whisper-node). - -In order to receive historic messages from a filter, p2p messages MUST be allowed when creating the filter. Receiving p2p messages is implemented in [geth's Whisper V6 implementation](https://github.com/ethereum/go-ethereum/blob/v1.8.23/whisper/whisperv6/whisper.go#L739-L751). +Because all packets exchanged between a Mailserver and a peer are p2p packets, all filters created by a peer from which it expectes to receive archived messages MUST allow processing of direct peer-to-peer messages. ## Security considerations ### Confidentiality -All Whisper envelopes are encrypted, and a mailserver node can't inspect their contents. - -### High-availability - -Since mailservers rely on being online to receive messages on behalf of other clients, this puts a high-availability requirement on individual nodes. - -In practice, it is best to treat individual nodes as a form of a cache, and ensure consistency of messages at a different layer. See data sync layer. +All Whisper envelopes are encrypted. Mailserver node can not inspect their contents. ### Altruistic and centralized operator risk -In order to be useful, a mailserver has to be online most of time. That means +In order to be useful, a mailserver SHOULD be online most of time. 
That means you either have to be a bit tech-savvy to run your own node, or rely on someone else to run it for you. @@ -71,9 +62,9 @@ A Status client SHOULD allow the mailserver selection to be customizable. ### Privacy concerns -In order to use a mail server, a given node needs to connect to it directly, -i.e. add the mail server as its peer and mark it as trusted. This means that the -mail server is able to send direct p2p messages to the node instead of +In order to use a Mailserver, a given node needs to connect to it directly, +i.e. add the Mailserver as its peer and mark it as trusted. This means that the +Mailserver is able to send direct p2p messages to the node instead of broadcasting them. Effectively, it knows which topics the node is interested in, when it is online as well as many metadata like IP address. From 494d0a74bbd20bc82a95d1bdebc696fb4f9d2b26 Mon Sep 17 00:00:00 2001 From: Andrea Maria Piana Date: Tue, 10 Sep 2019 13:32:24 +0200 Subject: [PATCH 06/11] Update secure transport --- status-account-spec.md | 11 ++++------ status-secure-transport-spec.md | 13 +++++------- status-session-management-spec.md | 35 +++++-------------------------- 3 files changed, 14 insertions(+), 45 deletions(-) diff --git a/status-account-spec.md b/status-account-spec.md index f471b7d..be4f149 100644 --- a/status-account-spec.md +++ b/status-account-spec.md 
@@ -89,8 +89,8 @@ not do this. ### X3DH Prekey bundles - A client SHOULD regenerate a new X3DH prekey bundle every 24 hours. This MAY be done in a lazy way, such that a client that does not come online past this time period does not regenerate or broadcast bundles. -- The current bundle MUST be broadcast on a whisper topic specific to his Identity Key, `{IK}-contact-code`, intermittently. This MAY be done every 6 hours. -- A bundle MUST accompany every message sent. +- The current bundle SHOULD be broadcast on a whisper topic specific to his Identity Key, `{IK}-contact-code`, intermittently. This MAY be done every 6 hours. +- A bundle SHOULD accompany every message sent. - TODO: retreival of long-time offline users bundle via `{IK}-contact-code` ## Optional Account additions @@ -131,7 +131,7 @@ not do this. - is not a public key #### Private 1:1 messages -This can be done in a the following ways: +This can be done in the following ways: 1. scanning a user generated QR code 1. discovery through the Status app 1. asyncronous X3DH key exchange @@ -156,10 +156,7 @@ This can be done in a the following ways: - include BundleContainer??? - a new bundle SHOULD be created at least every 12 hours - a bundle is only generated when it is used -- a bundle MUST be distributed on the contact code channel (NOTE: define this where?) - -#### QR code -- A generated QR code should include a X3DH bundle set along with the contact code but I can't find the code to do so. +- a bundle SHOULD be distributed on the contact code channel. This is the whisper topic `{IK}-contact-code`, where `IK` is the hex encoded public key of the user, prefixed with `0x`. The channel is encrypted in the same way public chats are encrypted. ### Contact Verification Once you have the information of a contact, the following can be used to verify that the key material is as it should be. diff --git a/status-secure-transport-spec.md b/status-secure-transport-spec.md index 0cde88d..a9e689a 100644 
--- a/status-secure-transport-spec.md +++ b/status-secure-transport-spec.md @@ -46,9 +46,9 @@ In this document we describe how a secure channel is established, and how variou - **Confidentiality**: The adversary should not be able to learn what data is being exchanged between two Status clients. - **Authenticity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data from any third party as though it came from the other endpoint. - **Forward Secrecy**: The adversary should not be able to learn what data was exchanged between two Status clients if, at some later time, the adversary compromises one or both of the endpoint devices. +- **Integrity**: The adversary should not be able to modify the data. - - +All of these properties are ensured by the use of [Signal's Double Ratchet](https://signal.org/docs/specifications/doubleratchet/) ### Conventions @@ -106,9 +106,7 @@ Every client initially generates some key material which is stored locally: More details can be found in the `X3DH Prekey bundle creation` section of [Account specification](./status-account-spec.md#x3dh-prekey-bundle-creation). -A `contact-code` is a protobuf `Bundle` message, encoded in `JSON` and converted to their `base64` string representation. - -Prekey bundles are can be extracted from any user's messages, or found via searching for their specific contact code topic, `{IK}-contact-code`. +Prekey bundles can be extracted from any user's messages, or found via searching for their specific topic, `{IK}-contact-code`. TODO: See below on bundle retrieval, this seems like enhancement and parameter for recommendation 
@@ -127,6 +125,8 @@ In the X3DH specification, a shared server is typically used to store bundles an +Currently only public and one-to-one message exchanges and Whisper is used to exchange bundles. + Since bundles stored in QR codes or ENS records cannot be updated to delete already used keys, the approach taken is to rotate more frequently the bundle (once every 24 hours), which will be propagated by the app through the channel available. ### 1:1 chat contact request @@ -190,8 +190,6 @@ The initial message sent by Alice to Bob is sent as a top-level `ProtocolMessage ``` protobuf message ProtocolMessage { - Bundle bundle = 1; - string installation_id = 2; repeated Bundle bundles = 3; @@ -205,7 +203,6 @@ message ProtocolMessage { } ``` -- `bundle`: optional bundle is exchanged with each message, deprecated; - `bundles`: a sequence of bundles - `installation_id`: the installation id of the sender - `direct_message` is a map of `DirectMessageProtocol` indexed by `installation-id` diff --git a/status-session-management-spec.md b/status-session-management-spec.md index a9af205..40f36b1 100644 --- a/status-session-management-spec.md +++ b/status-session-management-spec.md 
@@ -39,11 +39,11 @@ A new session is initialized once a successful X3DH exchange has taken place. Su ## Concurrent sessions -If two sessions are created concurrently between two peers the one with the symmetric key, first in byte order should be used this marks that the other has expired. +If two sessions are created concurrently between two peers the one with the symmetric key first in byte order SHOULD be used, this marks that the other has expired. ## Re-keying -On receiving a bundle from a given peer with a higher version, the old bundle should be marked as expired and a new session should be established on the next message sent. +On receiving a bundle from a given peer with a higher version, the old bundle SHOULD be marked as expired and a new session SHOULD be established on the next message sent. ## Multi-device support @@ -51,7 +51,7 @@ Multi-device support is quite challenging as we don't have a central place where Furthermore we always need to take account recovery in consideration, where the whole device is wiped clean and all the information about any previous sessions is lost. -Taking these considerations into account, the way multi-device information is propagated through the network is through bundles/contact codes, which will contain information about paired devices as well as information about the sending device. +Taking these considerations into account, the way multi-device information is propagated through the network is through x3dh bundles, which will contain information about paired devices as well as information about the sending device. This mean that every time a new device is paired, the bundle needs to be updated and propagated with the new information, and the burden is put on the user to make sure the pairing is successful. @@ -59,6 +59,7 @@ The method is loosely based on https://signal.org/docs/specifications/sesame/ . + ## Pairing 
@@ -66,7 +67,7 @@ When a user adds a new account in the `Status` application, a new `installation- Any time a bundle from your `IK` but different `installation-id` is received, the device will be shown to the user and will have to be manually approved, to a maximum of 3. Once that is done any message sent by one device will also be sent to any other enabled device. -Once a new device is enabled, a new contact-code/bundle will be generated which will include pairing information. +Once a new device is enabled, a new bundle will be generated which will include pairing information. The bundle will be propagated to contacts through the usual channels. 
@@ -90,29 +91,3 @@ In this case an empty message containing bundle information is sent back, which ## Trust establishment Trust establishment deals with users verifying they are communicating with who they think they are. - - - -### Contact request - -Once two accounts have been generated (Alice and Bob), Alice can send a contact request with an introductory message to Bob. - -There are two possible scenarios, which dictate the presence or absence of a prekey bundle: -1. If Alice is using Bob's public chat key or ENS name, no prekey bundle is present; -1. If Alice found Bob through the app or scanned Bob's QR code, a prekey bundle is embedded and can be used to set up a secure channel as described in the [Initial key exchange flow X3DH](#initial-key-exchange-flow-X3DH) section. - -Bob receives a contact request, informing him of: -- Alice's introductory message. - -If Bob's prekey bundle was not available to Alice, Perfect Forward Secrecy hasn't yet been established. In any case, there are no implicit guarantees that Alice is whom she claims to be, and Bob should perform some form of external verification (e.g., using an Identicon). - -If Bob accepts the contact request, a secure channel is created (if it wasn't already), and a visual indicator is displayed to signify that PFS has been established. Bob and Alice can then start exchanging messages, making use of the Double Ratchet algorithm as explained in more detail in [Double Ratchet](#double-ratchet) section. -If Bob denies the request, Alice is not able to send messages and the only action available is resending the contact request. - -## Expired session - -Expired session should not be used for new messages and should be deleted after 14 days from the expiration date, in order to be able to decrypt out-of-order and mailserver messages. - -## Stale devices - -When a bundle is received from `IK` a timer is initiated on any `installation-id` belonging to `IK` not included in the bundle. 
If after 7 days no bundles are received from these devices they are marked as `stale` and no message will be sent to them. From 51300922ac0b8652922e00c4aceecb103cefc31b Mon Sep 17 00:00:00 2001 From: Andrea Maria Piana Date: Tue, 10 Sep 2019 09:06:57 +0200 Subject: [PATCH 07/11] address feedback --- status-group-chats-spec.md | 22 ++++++++++++---------- status-payloads-spec.md | 23 ++++++----------------- 2 files changed, 18 insertions(+), 27 deletions(-) diff --git a/status-group-chats-spec.md b/status-group-chats-spec.md index b8694aa..d885584 100644 --- a/status-group-chats-spec.md +++ b/status-group-chats-spec.md @@ -34,7 +34,7 @@ The format is: ``` { - "events": [], + "events": [struct {"type": string, "member": string, "members": [string], "clock-value": uint, "name": string], "signature": string, "chat-id": string } 
@@ -43,11 +43,12 @@ The format is: ### Chat ID Each membership update MUST be sent with a corresponding `chat-id`. -The format of this chat id MUST be a string, [UUID](https://tools.ietf.org/html/rfc4122 ), concatenated with the hex-encoded public key of the creator of the chat. This chat-id MUST be validated by all clients, and should be discarded if it does not follow these rules. +The format of this chat id MUST be a string, [UUID](https://tools.ietf.org/html/rfc4122 ), concatenated with the hex-encoded public key of the creator of the chat. This chat-id MUST be validated by all clients, and MUST be discarded if it does not follow these rules. ### Signature -The signature for each event is calculated by creating a JSON array of all the `events` sorted by `clock-value` in ascending order, where each event is transformed in an array of tuples `field-name`, `value`. The last element of the array MUST be the `chat-id`. +The signature for each event is calculated by creating a JSON array of all the `events` sorted by `clock-value` in ascending order, where each event is transformed in an array of tuples `field-name`, `value`, sorted by `field-name` in ascending alphabetical order. The last element of the array MUST be the `chat-id`. +Empty fields MUST be removed. For example the event: 
@@ -89,12 +90,13 @@ Results in the structure: ] ``` -This structure is then stringified and the `Keccak256` of the string is then signed using its private key by the author and added to the payload. +This structure is then stringified collapsing all whitespaces and the `Keccak256` of the string is then signed using its private key by the author and added to the payload. ### Group membership event -Any group membership event receive MUST be verified using by calculating the signature as in the method described above, and the author MUST be extracted from it, if the verification fails the event MUST be discarded. +Any group membership event received MUST be verified by calculating the signature as per the method described above. +The author MUST be extracted from it, if the verification fails the event MUST be discarded. #### chat-created @@ -137,7 +139,7 @@ If the event is valid the chat name SHOULD be changed to `name`. A members added event is used by admins to add members to the chat. Upon receiving this event a client MUST validate the `chat-id` provided with the updates and MUST ensure the author of the event is an admin of the chat, otherwise the event MUST be ignored. -If the event is valid a client SHOULD update the list of members of the chat who have not joined, adding the `members` received. +If the event is valid a client MUST update the list of members of the chat who have not joined, adding the `members` received. `members` is an array of hex encoded public keys. #### member-joined 
@@ -152,7 +154,7 @@ If the event is valid a client SHOULD update the list of members of the chat who A members joined event is used by a member of the chat to signal that they want to start receiving messages from this chat. Upon receiving this event a client MUST validate the `chat-id` provided with the updates and MUST ensure the author of the event is the same as the one specified by the `member` field. -If the event is valid a client SHOULD update the list of members of the chat who joined, adding `member`. Any `message` sent to the group chat should now include the newly joined member. +If the event is valid a client MUST update the list of members of the chat who joined, adding `member`. Any `message` sent to the group chat should now include the newly joined member. #### admins-added @@ -166,7 +168,7 @@ If the event is valid a client SHOULD update the list of members of the chat who An admins added event is used by admins to add make other admins in the chat. Upon receiving this event a client MUST validate the `chat-id` provided with the updates, MUST ensure the author of the event is an admin of the chat and MUST ensure all `members` are already `members` of the chat, otherwise the event MUST be ignored. -If the event is valid a client SHOULD update the list of admins of the chat, adding the `members` received. +If the event is valid a client MUST update the list of admins of the chat, adding the `members` received. `members` is an array of hex encoded public keys. #### member-removed 
@@ -184,7 +186,7 @@ Upon receiving this event a client MUST validate the `chat-id` provided with the - If the author of the event is an admin, target can only be themselves or a non-admin member. - If the author of the event is not an admin, the target of the event can only be themselves. - -If the event is valid a client SHOULD remove the member from the list of `members`/`admins` of the chat, and no further message should be sent to them. +If the event is valid a client MUST remove the member from the list of `members`/`admins` of the chat, and no further message should be sent to them. #### admin-removed @@ -199,4 +201,4 @@ If the event is valid a client SHOULD remove the member from the list of `member An admin-removed event is used to drop admin privileges. Upon receiving this event a client MUST validate the `chat-id` provided with the updates, MUST ensure that the author of the event is also the target of the event. -If the event is valid a client SHOULD remove the member from the list of `admins` of the chat. +If the event is valid a client MUST remove the member from the list of `admins` of the chat. diff --git a/status-payloads-spec.md b/status-payloads-spec.md index 13a3fc6..81f8ca8 100644 --- a/status-payloads-spec.md +++ b/status-payloads-spec.md @@ -90,7 +90,7 @@ Payload is a struct (a compound data type) with the following fields (order is i #### Content types -Content types are required for a proper interpretation of incoming messages. Not each message is a plain text but may carry a different information. +Content types are required for a proper interpretation of incoming messages. Not each message is plain text but may carry a different information. The following content types MUST be supported: * `text/plain` identifies a message which content is a plain text. 
@@ -143,18 +143,16 @@ All incoming messages can be matched against a chat. Below you can find a table ### Contact Requests -These messages are used to notify the receiving end that it has been added to the sender's contact. They are identified by the transit tags `c2`, `c3`, `c4` respectively, but they are all interchangeable, meaning a client SHOULD handle them in exactly the same way. +Contact requests consists in 3 kind of messages: `ContactRequest`, `ContactRequestConfirmed` and `ContactUpdate`. +These messages are used to notify the receiving end that it has been added to the sender's contact. They are identified by the transit tags `c2`, `c3`, `c4` respectively, but they are all interchangeable, meaning a client SHOULD handle them in exactly the same way. The payload of the 3 messages is identical. #### Payload -Payload is a struct (a compound data type) with the following fields (order is important): - - | Field | Name | Type | Description | | ----- | ---- | ---- | ---- | | 1 | name | `string` | The self-assigned name of the user (DEPRECATED) | | 2 | profile image | `string` | The base64 encoded profile picture of the user | -| 3 | address | `string` | The ethereum address of the user | +| 3 | address | `string` | The ethereum address of the user | | 4 | fcm-token | `string` | The FCM Token used by mobile devices for push notifications (DEPRECATED) | | 5 | device-info | `[struct { id string, fcm-token string }]` | A list of pair `installation-id`, `fcm-token` for each device that is currently paired | 
@@ -166,7 +164,7 @@ A client SHOULD send a `ContactUpdate` to all the contacts each time: - The profile image is edited - A new device has been paired -A client SHOULD also periodically send a `ContactUpdate` to all the contacts, the interval is up to the client. +A client SHOULD also periodically send a `ContactUpdate` to all the contacts, the interval is up to the client, the Status official client sends these updates every 48 hours. #### Handling contact messages @@ -179,9 +177,6 @@ A client SHOULD handle any `Contact*` message in the same way. Any `Contact*` me #### Payload -Payload is a struct (a compound data type) with the following fields (order is important): - - | Field | Name | Type | Description | | ----- | ---- | ---- | ---- | | 1| contacts | `[struct { name string last-updated int device-info struct {id string fcm-token string } pending? bool}` | An array of contacts | @@ -194,9 +189,6 @@ Payload is a struct (a compound data type) with the following fields (order is i #### Payload -Payload is a struct (a compound data type) with the following fields (order is important): - - | Field | Name | Type | Description | | ----- | ---- | ---- | ---- | | 1| installation-id | `string` | A randomly generated id that identifies this device | @@ -211,9 +203,6 @@ The details are in the [Group chats specs](status-group-chats-spec.md) #### Payload -Payload is a struct (a compound data type) with the following fields (order is important): - - | Field | Name | Type | Description | | ----- | ---- | ---- | ---- | | 1| chat-id | `string` | The chat id of the chat where the change is to take place | 
@@ -224,7 +213,7 @@ Payload is a struct (a compound data type) with the following fields (order is i There are two ways to upgrade the protocol without breaking compatibility: -- Map fields can be enriched with a new key, which will be ignored by old clients. +- Struct fields can be enriched with a new key, which will be ignored by old clients. - An element can be appended to the `Transit` array, which will also be ignored by old clients. ## Security Considerations From 25114e3bc00236feb6f0cf3a5d7b51a0770893b0 Mon Sep 17 00:00:00 2001 From: Pedro Pombeiro Date: Thu, 12 Sep 2019 15:36:50 +0200 Subject: [PATCH 08/11] Update status-secure-transport-spec.md --- status-secure-transport-spec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/status-secure-transport-spec.md b/status-secure-transport-spec.md index 4ff1e8b..06f8eac 100644 --- a/status-secure-transport-spec.md +++ b/status-secure-transport-spec.md @@ -46,7 +46,7 @@ In this document we describe how a secure channel is established, and how variou - **Confidentiality**: The adversary should not be able to learn what data is being exchanged between two Status clients. - **Authenticity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data from any third party as though it came from the other endpoint. - **Forward Secrecy**: The adversary should not be able to learn what data was exchanged between two Status clients if, at some later time, the adversary compromises one or both of the endpoint devices. -- **Integrity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data to accept data that has been tampered with. +- **Integrity**: The adversary should not be able to cause either endpoint of a Status 1:1 chat to accept data that has been tampered with. From b17c514d0c25508d57b3cb1e94f858bc30482deb Mon Sep 17 00:00:00 2001 
From: Adam Babik Date: Tue, 17 Sep 2019 07:46:51 +0200 Subject: [PATCH 09/11] fix typo --- status-whisper-mailserver-spec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/status-whisper-mailserver-spec.md b/status-whisper-mailserver-spec.md index 366e279..d2d1bec 100644 --- a/status-whisper-mailserver-spec.md +++ b/status-whisper-mailserver-spec.md @@ -18,7 +18,7 @@ Being mostly offline is an intrinsic property of mobile clients. They need to save network transfer and battery consumption to avoid spending too much money or constant charging. Whisper protocol, on the other hand, is an online protocol. Messages are available in the Whisper network only for short period of time calculate in seconds. -Whisper Mailserver is a Whisper extension that allows to store messages permamently and deliver them to the clients even though they are already not available in the network and expired. +Whisper Mailserver is a Whisper extension that allows to store messages permanently and deliver them to the clients even though they are already not available in the network and expired. ## Mailserver From d7e6a74579471e87ba7ea1c3ce997961e03791f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oskar=20Thor=C3=A9n?= Date: Wed, 18 Sep 2019 12:22:14 +0300 Subject: [PATCH 10/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b08c0ff..372b184 100644 --- a/README.md +++ b/README.md 
@@ -20,7 +20,7 @@ No accepted SIPs right now. The following SIPs are under consideration for standardization. -- [Status Client Specification](status-client-spec.md). The main specification for writing a Status client. +- [Status Client Specification](status-client-spec.md). The main specification for writing a Status client. **Start here** - [Status Secure Transport Specification](status-secure-transport-spec.md). How Status provide a secure transport with conversational security properties. - [Status Payload Specification](status-payloads-spec.md). What the message payloads look like. - [Status Account Specification](status-account-spec.md). What a Status account is and how trust is established. From 38ce4ebf5576537011293a0c16c30723663f2584 Mon Sep 17 00:00:00 2001 From: kdeme Date: Wed, 18 Sep 2019 15:49:14 +0200 Subject: [PATCH 11/11] Update status-whisper-usage-spec.md Review update Co-Authored-By: Adam Babik --- status-whisper-usage-spec.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/status-whisper-usage-spec.md b/status-whisper-usage-spec.md index ea70f1b..3000a24 100644 --- a/status-whisper-usage-spec.md +++ b/status-whisper-usage-spec.md @@ -284,7 +284,7 @@ Receiving public messages depends on Whisper filters idea. Upon receiving, messa 1. Calculate a symmetric key using [`shh_generateSymKeyFromPassword`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_generatesymkeyfrompassword) passing public chat name as a string and save the result to `symKeyID` 2. Call [`shh_subscribe`](https://github.com/ethereum/go-ethereum/wiki/Whisper-v6-RPC-API#shh_subscribe) with criteria: - 1. `minPow` MAY be at least `0.002` + 1. `minPow` MUST be `0.002` at most 2. `topics` MUST be list of hex-encoded topics you expect messages to receive from (follow [Topic](#topic) section) 3. `allowP2P` MUST be set to `true` if offline messages are supported, otherwise can be `false`.
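Review bot: In status-whisper-mailserver-spec.md (hunk `@@ -3,63 +3,54 @@`), dropping the "High-availability" section and the sentence that each node "SHOULD keep a copy of all historic messages" leaves retention unspecified, while the new Abstract promises that messages are stored "permanently". Either state a retention requirement in "Archiving messages" or soften the Abstract. The new "Delivering messages" text also says Mailserver "will only handle requests from its direct peers" without saying what, if anything, it checks before serving a `p2pRequestCode` request; since the table of contents lists a "Denial-of-service" section, that is the place to spell it out. Spelling in the added lines: "archieved", "expectes", "implementator", "The only different is", "interface consist of", "calculate in seconds".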
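Review bot: In status-account-spec.md (hunk `@@ -89,8 +89,8 @@`), relaxing both bundle rules from MUST to SHOULD means a conforming client may neither broadcast its bundle on `{IK}-contact-code` nor attach it to messages, so a peer can be left with no specified way to obtain it. The TODO on retrieving bundles for long-time offline users is still open on the next line. Keep at least one of the two distribution paths as MUST, or add a sentence saying how a peer proceeds when no bundle is available.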
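Review bot: In status-account-spec.md (hunk `@@ -156,10 +156,7 @@`), the context line "a new bundle SHOULD be created at least every 12 hours" disagrees with "regenerate a new X3DH prekey bundle every 24 hours" in the earlier hunk of this same file; pick one interval. The "QR code" subsection is removed here, yet "scanning a user generated QR code" is still listed under "Private 1:1 messages" and the secure transport spec still refers to bundles stored in QR codes, so the QR path now has no description of what the code carries. The new sentence that the contact code channel "is encrypted in the same way public chats are encrypted" would be clearer with a link to the section that defines public chat encryption.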
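Review bot: In status-secure-transport-spec.md (PATCH 06, hunk `@@ -46,9 +46,9 @@`), the added sentence "All of these properties are ensured by the use of Signal's Double Ratchet" claims more than the rest of the document supports. The Double Ratchet starts from a shared secret that this spec establishes with X3DH, and the "Integrity" discussion later in the file rests on signature validation that is still marked TODO. Suggest attributing the properties to X3DH plus the Double Ratchet and linking both, and ending the sentence with a period. The new bullet "The adversary should not be able to modify the data" is also looser than the wording PATCH 01 and PATCH 08 give the same bullet; both PATCH 01 and this patch are based on blob `0cde88d`, so they will conflict on this line and one wording has to be chosen.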
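Review bot: In status-secure-transport-spec.md (PATCH 06, hunks `@@ -190,8 +190,6 @@` and `@@ -205,7 +203,6 @@`), deleting `Bundle bundle = 1;` from `ProtocolMessage` without reserving the field number lets a later edit reuse tag 1 for a different type, which clients that still know the old definition would try to decode as a `Bundle`. Add `reserved 1;` to the message and keep a one-line note in the field list that tag 1 was the deprecated single bundle, so implementers know why numbering starts at 2.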
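Review bot: In status-secure-transport-spec.md (PATCH 06, hunk `@@ -106,9 +106,7 @@` and the following `@@ -127,6 +125,8 @@`), the definition of `contact-code` as a JSON-encoded, base64 protobuf `Bundle` is removed while `{IK}-contact-code` is still used as a topic name, so the term is now undefined in this file; link to the account spec sentence that defines the topic. The added line "Currently only public and one-to-one message exchanges and Whisper is used to exchange bundles." does not parse; it reads as if it should say that bundles are currently exchanged only over public and one-to-one messages carried by Whisper.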
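Review bot: In status-session-management-spec.md (hunk `@@ -39,11 +39,11 @@`), the tie-break under "Concurrent sessions" is only a SHOULD, so two conforming peers may keep different sessions and fail to decrypt each other. A deterministic rule both sides depend on needs to be MUST. The sentence is also a comma splice; suggest "the one whose symmetric key sorts first in byte order MUST be used, and the other MUST be marked as expired".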
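Review bot: In status-session-management-spec.md (hunk `@@ -90,29 +91,3 @@`), removing "Expired session" and "Stale devices" deletes the only normative text on what happens after a session or bundle is marked expired, while "Concurrent sessions" and "Re-keying" in this same patch still mark things as expired. The 14-day retention for decrypting out-of-order and mailserver messages and the 7-day stale-device timer are behaviour a client needs; if they move to another document, add a pointer here, otherwise keep them. The hunk also leaves "Trust establishment" as a heading with a single sentence and no procedure.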
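Review bot: In status-group-chats-spec.md (hunk `@@ -34,7 +34,7 @@`), the new `"events"` type is missing the closing brace of the struct: the line ends `"name": string],` and should end `"name": string}],`. It would also help to say which of `member`, `members` and `name` are present for which event `type`, since the signature rules below depend on which fields are empty.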
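Review bot: In status-group-chats-spec.md (hunks `@@ -43,11 +43,12 @@` and `@@ -89,12 +90,13 @@`), the signed string is still not fully determined, and any ambiguity here makes honest clients reject each other's events. "Empty fields MUST be removed" does not say what counts as empty (absent, empty string, empty `members` array, a zero `clock-value`), and "stringified collapsing all whitespaces" does not say whether whitespace inside string values such as a chat `name` is collapsed too, which would let two different names produce the same signed string. Define the canonical form exactly (no whitespace between tokens, string values untouched, how non-ASCII is escaped, number formatting) and ideally add a test vector with the expected `Keccak256` input. In the last paragraph of the second hunk, "The author MUST be extracted from it, if the verification fails" is a comma splice and "it" has no clear referent; say that the author is recovered from the signature.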
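Review bot: In status-group-chats-spec.md (hunks `@@ -152,7 +154,7 @@` and `@@ -184,7 +186,7 @@`), the client update is promoted to MUST but the second half of each sentence keeps a lowercase "should": "Any `message` sent to the group chat should now include the newly joined member" and "no further message should be sent to them". Not sending to a removed member is the part with a confidentiality consequence, so it should be an explicit MUST NOT, and the lowercase forms should be replaced with RFC 2119 keywords either way.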
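Review bot: In status-payloads-spec.md (hunks `@@ -143,18 +143,16 @@` through `@@ -224,7 +213,7 @@`), the sentence "Payload is a struct ... (order is important)" is deleted from every Payload section, but the tables still number fields 1..n and the upgrade rule now reads "Struct fields can be enriched with a new key". If the encoding is positional, say so once near the top and state that new fields are only ever appended; if it is keyed, the field numbers in the tables need explaining. The added sentence "Contact requests consists in 3 kind of messages" should read "Contact requests consist of 3 kinds of messages", and the `ContactUpdate` sentence ending "the Status official client sends these updates every 48 hours" is a run-on that mixes a normative SHOULD with an implementation note; split it.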
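Review bot: In status-whisper-usage-spec.md (PATCH 11, hunk `@@ -284,7 +284,7 @@`), the `minPow` rule flips from a lower bound ("MAY be at least `0.002`") to an upper bound ("MUST be `0.002` at most") with no rationale in the text, and as written it permits `0`, which turns off proof-of-work filtering on the subscription. If the intent is that a filter must not reject messages sent at the PoW this spec prescribes for senders, say that and reference the section that sets the sending value; also state whether a lower bound applies.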