In the existing state of Waku2, there is no in-band access control management. Access control is enforced through data encryption, i.e., messages are encrypted and only users with the decryption keys can get access to the data. The key establishment and exchange are also done out-of-band.
Without access control, store nodes will store all the messages published on a pubsub topic/content topic without knowing whether the message owner is unauthorized to publish a message to that topic. The lack of access control can be exploited to spam the history of a group chat.
Solution ideas
This issue can be tackled in various ways:
A centralized approach: One node periodically publishes the list of current members with their signature verification. This makes sense especially for permission-based group chats, where access should be granted by one entity. This approach is very close to the DNS-based discovery explained in https://github.com/vacp2p/research/issues/75 (one of the ongoing projects of Waku2).
A decentralized approach: This fits best for public chats where membership is free for everyone (although, as the membership is open, having access control seems unnecessary). A decentralized approach allows nodes to communicate information about the current members of the group without the help of a central entity. Dynamic and decentralized group membership management techniques can be utilized for this purpose.
Potential issues
Enabling access control requires some trust assumptions about the store nodes. For example, store nodes can already be part of the group chat, so by default they have access to the list of authorized users. Therefore, they can decrypt the message, extract the signature, and discard or persist the message accordingly.
If store nodes are not trusted, they won't have the decryption power, which means they won't be able to see the author's signature. To deal with this, we may need to attach the plain signature to the Waku message to enable store nodes to read it and grant access accordingly. However, revealing the author's signature is against anonymity.
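As an added example (not part of the original issue or of any Waku implementation), the Go code below combines the centralized approach with the plain-signature idea for untrusted store nodes: the store node checks an admin-signed member list, then persists a message only if its cleartext author key is on that list and the author's signature over the ciphertext verifies. Ed25519, the `MemberList` and `Envelope` types, the `frame` helper and the demo topic are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// MemberList (hypothetical type) is the roster the central node publishes.
type MemberList struct {
	Topic   string
	Members [][]byte // Ed25519 public keys allowed to publish on Topic
	Sig     []byte   // admin signature over frame("roster", Topic, Members...)
}

// Envelope (hypothetical type) is what an untrusted store node sees.
type Envelope struct {
	Topic               string
	Cipher, Author, Sig []byte // Sig is the author's, over frame("msg", Topic, Cipher)
}

// frame hashes a domain tag and each field to a fixed width before signing.
func frame(domain, topic string, fields ...[]byte) (out []byte) {
	for _, f := range append([][]byte{[]byte(domain), []byte(topic)}, fields...) {
		d := sha256.Sum256(f)
		out = append(out, d[:]...)
	}
	return out
}

// ShouldPersist: roster admin-signed for this topic, author on it, signature valid.
func ShouldPersist(admin ed25519.PublicKey, ml MemberList, e Envelope) bool {
	ok := e.Topic == ml.Topic && ed25519.Verify(admin, frame("roster", ml.Topic, ml.Members...), ml.Sig)
	for _, m := range ml.Members {
		if ok && len(m) == ed25519.PublicKeySize && bytes.Equal(m, e.Author) {
			return ed25519.Verify(m, frame("msg", e.Topic, e.Cipher), e.Sig)
		}
	}
	return false // bad roster, wrong topic, or author not on the roster
}

func main() { // constructed demo keys, topic and payload
	adminPub, adminKey, _ := ed25519.GenerateKey(nil)
	alicePub, aliceKey, _ := ed25519.GenerateKey(nil)
	t, ct := "/demo/1/chat/proto", []byte("opaque ciphertext")
	ml := MemberList{t, [][]byte{alicePub}, ed25519.Sign(adminKey, frame("roster", t, alicePub))}
	e := Envelope{t, ct, alicePub, ed25519.Sign(aliceKey, frame("msg", t, ct))}
	fmt.Println("persist:", ShouldPersist(adminPub, ml, e))
}
```

Because `Author` travels in cleartext, every store node can link messages to a publisher key, which is the anonymity cost described above.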