| Internet-Draft | MIMI | May 2023 |
| Robert & Kohbrok | Expires 18 November 2023 | [Page] |
This document describes the MIMI Delivery Service.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 18 November 2023.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The MLS protocol document specifies a protocol between two or more clients. The MLS architecture document introduces an abstract concept of a "Delivery Service" that is specifically responsible for ordering handshake messages and more generally for delivering messages to the intended recipients.¶
This document describes a Delivery Service that performs the mandated ordering of handshake messages but also offers the basic functionality that is common to several messaging services. In particular, it offers the following features:¶
The Delivery Service is designed around an MLS group as a basic entity. The Delivery Service can be used with multiple groups but does not require a link between the groups. All operations of the Delivery Service are relative to a specific group.¶
The protocol is designed in a request/response pattern, whereby the client sends a DSRequest message to the Delivery Service and the Delivery Service responds with a DSResponse message. This pattern can easily be used over e.g. RESTful APIs.¶
Depending on the client's request, the Delivery Service sends a message to the Queueing Service. This happens whenever a message needs to be fanned out to all other members of a group.¶
In the federated case, messages to a guest Delivery Service can be proxied via the sender's own Delivery Service.¶
The Delivery Service can remove clients from a group by issuing remove proposals in the following cases:¶
Clients authenticate to the Delivery Service using the signature key from their respective leaf node in the group and a client-specific identifier.¶
Depending on the operation, one or more kind of client identifier can be used:¶
The identifier is encoded as follows:¶
enum {
leaf_index(0),
key_package_ref(1),
user_key_hash(2),
} DSSenderType;
struct {
DSSenderType sender_type;
select (DSSenderID.sender_type) {
case leaf_index
uint32 leaf_index;
case key_package_ref
opaque key_package_ref<V>;
case user_key_hash
opaque user_key_hash<V>;
}
} DSSenderID;
¶
To authenticate, the client signs the corresponding request. The key used to
sign/verify a given request depends on the sender_id.¶
struct {
DSSenderID sender_id;
DSRequest request;
// Signature over DSMessageTBS
opaque signature<0..255>;
} DSMessage;
struct {
DSSenderID sender_id;
DSRequest request;
} DSMessageTBS;
¶
The various request types, each corresponding to an operation, are combined as follows:¶
enum {
ds_create_group(0),
ds_delete_group(1),
...
} DSRequestType;
¶
The request type is encoded in the DSRequest message as follows:¶
struct {
DSRequestType request_type;
select (DSRequest.request_type) {
case ds_create_group:
CreateGroupRequest create_group_request;
case ds_delete_group:
DeleteGroupRequest delete_group_request;
...
}
} DSRequest;
¶
A request from the client to create a new group on the Delivery Service.¶
The client sends the following CreateGroupRequest to the Delivery Service:¶
struct {
opaque group_id<V>;
KeyPackage key_package;
ClientQueueConfig client_queue_config;
GroupInfo group_info;
} CreateGroupRequest;
¶
The Delivery Service responds with a CreateGroupResponse:¶
enum {
invalid_group_id(0),
invalid_key_package(1),
invalid_group_info(2),
} CreateGroupResponse;
¶
The Delivery Service validates the request as follows:¶
A request from the client to delete a group from the Delivery Service.¶
A request from the client to update the queue information for a group. Clients can provision a queue information object to indicate to the Delivery Service how to transmit messages to the client during fanout.¶
A request to retrieve information to join a group after having received a Welcome message. The client requests the ratchet tree and the signed GroupInfo from the Delivery Service.¶
text
struct {
opaque group_id<V>;
SignatureKey sender;
// TBD
} WelcomeInfo;
¶
A request to retrieve information to join a group, such as the ratchet tree and the signed GroupInfo from the Delivery Service.¶
text
struct {
opaque group_id<V>;
SignatureKey sender;
// TBD
} ExternalCommitInfo;
¶
A request to add one or more users to a group. The users are added by their respective KeyPackage in an MLS Add Proposal. The client create a Commit message that covers the proposals and the corresponding Welcome message.¶
text
struct {
MLSMessage commit;
MLSMessage welcome;
// TBD
} AddUsers;
¶
A request to remove one or more users from a group. The users are removed by their respective leaf node index from the group in an MLS Remove Proposal. The client create a Commit message that covers the proposals .¶
text
struct {
MLSMessage commit;
// TBD
} RemoveUsers;
¶
A request to add one or more clients of an existing user to a group.¶
```text¶
struct { MLSMessage commit; MLSMessage welcome; // TBD } AddClients; ```¶
A request to remove one or more clients of an existing user from a group.¶
text
struct {
MLSMessage commit;
// TBD
} RemoveClients;
¶
A request to update the client's leaf node in the group. Regular updates are important to get good Post-compromise Security (PCS) properties. The client creates a Commit message that contains its new leaf node.¶
text
struct {
MLSMessage commit;
// TBD
} UpdateClient;
¶
A request to resync the client with the group. This can be used to recover from state loss. The client requests the ratchet tree and the signed GroupInfo from the Delivery Service.¶
text
struct {
opaque group_id<V>;
SignatureKey sender;
// TBD
} ResyncClient;
¶
A request to update the client's fanout information. The client can use this to update its fanout information, e.g. to change the queue information.¶
text
struct {
opaque group_id<V>;
SignatureKey sender;
// TBD
} UpdateClientFanoutInfo;
¶
A request to send a message to the group. The client sends an MLS application message to the Delivery Service, which forwards it to the Queueing Service.¶
text
struct {
MLSMessage application_message;
// TBD
} SendMessage;
¶
For each group hostend on a particular Delivery Service instance, the Delivery Service keeps the following state:¶
The Queueing Service is a service that is used by the Delivery Service to fan out messages to clients. Each client has a queue that is used to store messages for later retrieval by the client. The group state on the Delivery Service contains client queue information for each client of a group. This information is forwarded to the Queueing Service along with the message during message fanout. The information is opaque to the Delivery Service and is only used by the Queueing Service to deliver the message to the client.¶
Note that this document uses the term "client queue" to refer to an abstract mechanism to forward messages to clients and does not necessarily imply that an actual queueing mechanism is used.¶
This document only specifies the interface between the Delivery Service and the Queueing Service. Other aspects of the Queueing Service are not specified in this document.¶
The Queueing Service protocol is a simple request/response protocol used between the Delivery Service and the Queueing Service.¶
Whenever the Delivery Service has validated an incoming message from a client and starts to fan out the message, it sends the following request to the Queueing Service for every client in the group:¶
struct {
opaque client_queue_information<V>;
MLSMessage message;
} QueueingServiceRequest;
¶
The Queueing Service responds with a QueueingServiceResponse:¶
enum {
ok(0),
invalid_client_queue_information(1),
} QueueingServiceResponse;
¶
In case the Queueing Service considers the client queue information to be in invalid (e.g. because the corresponding user/client has been deleted), it responds with invalid_client_queue_information. Otherwise, it responds with ok.¶
The Delivery Service can use rejected messages to subsequentially issue remove proposals to remove the client from the group. The Delivery Service rejects Commit messages and application messages until a client has sent a Commit that covers the proposals.¶
In federated environments, the Queueing Service does not necessarily have to be part of the same domain as the Delivery Service. In this case, the Delivery Service sends requests over an inter-domain transport protocol to the Queueing Service.¶
If the desired mode of operation is for the Delivery Service to learn as little as possible about the groups it serves and their members, the protocol can be extended to protect the group state on the Delivery Service. This can happen through two complementary mechanisms:¶
In practice, the requests from clients to the Delivery Server are extended with additional parameters, such as decryption keys for the group state and additional pseudonymous user-level authentication.¶
The Delivery Service can make use of the following MLS extensions:¶