Chat Private #93
Conversation
|
|
||
| The following mappings connect PRIVATE1 concepts to SDS fields: | ||
|
|
||
| - `sender_id`: !TODO: This requires PRIVATE1 to be identity aware |
There was a problem hiding this comment.
Unsure exactly what the best course of action is here. Recent changes to SDS requires an sender_id be attached the the SdsMessage.
This then brings in a concept of identity to this specification. Its definitely possible to introduce Identity concepts in order to pass them through to SDS, however it seems like a lot of added complexity
| - **[DOUBLERATCHET]** "The Double Ratchet Algorithm", Signal, 2016. | ||
| https://signal.org/docs/specifications/doubleratchet/ | ||
|
|
||
| - **[SDS]** "Scalable Data Sync Specification", vac, 2024. |
There was a problem hiding this comment.
All of these github references from vacp2p and waku-org are broken.
osmaczko
left a comment
osmaczko
left a comment
There was a problem hiding this comment.
Looks good overall. The reasoning behind the Content -> Segmentation -> Reliability -> Encryption layering makes sense.
Please remember to address the TODOs before merging.
| ```mermaid | ||
| flowchart LR | ||
| Content:::plain--> PrivateV1 --> Payload:::plain | ||
| classDef plain fill:none,stroke:transparent; | ||
| ``` |
There was a problem hiding this comment.
| ```mermaid | |
| flowchart LR | |
| Content:::plain--> PrivateV1 --> Payload:::plain | |
| classDef plain fill:none,stroke:transparent; | |
| ``` | |
| ```mermaid | |
| flowchart LR | |
| Content:::plain --> PrivateV1 | |
| PrivateV1 --> F1[Frame 1] --> P1[Payload 1]:::plain | |
| PrivateV1 -.-> F2[Frame 2] -.-> P2[Payload 2]:::plain | |
| PrivateV1 -.-> FN[Frame N] -.-> PN[Payload N]:::plain | |
| classDef plain fill:none,stroke:transparent; |
There was a problem hiding this comment.
I generally like these changes, but looking to understand more to see if there is more optimizations to be made.
I see two changes here.
- An explicit reference to Frames
- An specific update the the cardinality of messages.
I can see # 2 being an improvement as it explicitly refers to segmentation being a responsibility of the protocol.
At a high level does adding Frames increase understanding at a 40,000ft view?
There was a problem hiding this comment.
At a high level does adding Frames increase understanding at a 40,000ft view?
Don’t have a strong opinion here. Including frames makes it clear at first glance that segmentation happens in the chat protocol rather than in the delivery service.
There was a problem hiding this comment.
I agree that Frames seem to be unnecessary here.
Maybe something like this?
flowchart LR
Content:::plain--> PrivateV1 --> Payloads@{ shape: stacked-rectangle }
classDef plain fill:none;
class Payloads plain;
| Implementation specifics: | ||
| - Error correction is not used, as reliable delivery is already provided by lower layers. | ||
| - `segmentSize` = `max_seg_size` | ||
| - All payloads regardless of size are wrapped in a segmentation message. |
There was a problem hiding this comment.
This contradicts segmentation specs:
Messages whose payload size is ≤ segmentSize are sent unmodified.
There was a problem hiding this comment.
Great point.
I specifically have suggested a change in that PR.
Sending the message unmodified violates the functional requirement of "deterministic decoding".
To decode those messages one would first attempt to decode as a Segmentation message, and then on failure, assume its a different type.
I'd prefer to spend the extra 4 bytes and make it explicit.
There was a problem hiding this comment.
I'd prefer to spend the extra 4 bytes and make it explicit.
Totally agree 👍
igor-sirotin
left a comment
igor-sirotin
left a comment
There was a problem hiding this comment.
I wish I read it earlier!
|
|
||
| This specification defines PRIVATE1, a conversation protocol for establishing secure, full-duplex encrypted communication channels between two participants. PRIVATE1 provides end-to-end encryption with forward secrecy and post-compromise security using the Double Ratchet algorithm, combined with reliable message delivery via Scalable Data Sync (SDS) and efficient segmentation for transport-constrained environments. | ||
|
|
||
| The protocol is transport-agnostic and designed to support both direct messaging and as a foundation for group communication systems. PRIVATE1 ensures payload confidentiality, content integrity, sender privacy, and message reliability while remaining resilient to network disruptions and message reordering. |
There was a problem hiding this comment.
I'm not sure but something sounds wrong in ... support both direct messaging and as a foundation .... I get the meaning, just not sure of the language.
I think you know better, I'm just highlighting
| The protocol is transport-agnostic and designed to support both direct messaging and as a foundation for group communication systems. PRIVATE1 ensures payload confidentiality, content integrity, sender privacy, and message reliability while remaining resilient to network disruptions and message reordering. | |
| The protocol is transport-agnostic and designed to support direct messaging and serve as a foundation for group communication systems. PRIVATE1 ensures payload confidentiality, content integrity, sender privacy, and message reliability while remaining resilient to network disruptions and message reordering. |
| ```mermaid | ||
| flowchart LR | ||
| Content:::plain--> PrivateV1 --> Payload:::plain | ||
| classDef plain fill:none,stroke:transparent; | ||
| ``` |
There was a problem hiding this comment.
I agree that Frames seem to be unnecessary here.
Maybe something like this?
flowchart LR
Content:::plain--> PrivateV1 --> Payloads@{ shape: stacked-rectangle }
classDef plain fill:none;
class Payloads plain;
| - `conversation_id` SHOULD be consistent across applications to maintain interoperability | ||
|
|
||
| Additionally implementations MUST determine the following constants: | ||
| - `max_seg_size` - maximum segmentation size to be used. |
There was a problem hiding this comment.
Isn't this dictated by the transport used by an application?
If yes, then this max_seg_size should be defined by application, not protocol implementation? Or am I not getting "implementation" term here?
There was a problem hiding this comment.
Isn't this dictated by the transport used by an application?
When this was modeled it implemented relaibility inside of the converastion.
then this max_seg_size should be defined by application, n
sure. However we're trying to avoid a circular dependency. max_seg_size is a paramter that must be passed in.
| - Clients SHALL only pass `content` frames to applications | ||
| - Clients MAY drop unrecognized frame types |
There was a problem hiding this comment.
Is "clients" same thing as "implementations"?
| - Clients SHALL only pass `content` frames to applications | |
| - Clients MAY drop unrecognized frame types | |
| - Implementations SHALL only pass `content` frames to applications | |
| - Implementations MAY drop unrecognized frame types |
Cleanup of Arch, Initialization and Segmentation frame handling + initialization towards semBr Abstract away contentFrame update frame handing Remove delivery address remove partial order property Update background readability updates Update encryption and segmentation Remove stale section update payload delivery warnings Update SDS initialization Update security considerations Cleanup review comments spelling fixes fix: pyspelling config Update DR params Update standards/application/privatev1.md Co-authored-by: Igor Sirotin <igor.sirotin.1012@gmail.com> Clarify implementation
…pecs Pristine copies of the last messaging specs not covered by #315/#331, imported as-is from logos-messaging/specs so the adaptation diff is isolated in the following commit: - chat-framework (logos-messaging/specs#81) - privatev1 (logos-messaging/specs#93) - introduction-encoding (logos-messaging/specs#101) - contentframe (logos-messaging/specs#82) - tor-push (Waku v2 Tor Push) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
4 participants
This PR adds a specification which describes a conversation protocol for pairwise communication called PRIVATE1.
It covers payload generation and operation after a key has been agreed upon by both parties.
Notes
This may eventually be simplified and use Reliable Channels but its explicit in how it utilizes SDS + segmentation and the reasons for doing so.