Open oskarth opened 2 years ago
burdges
commented
2 years ago Are you thinking group messaging? If so, did you look further into MLS? I'm unsure if Matrix deployed it yet, but they were trying, and ran into some hiccups, but still making progress.
staheri14
commented
2 years ago A general comment re
Initial rough plan with decisions and trade-offs
One potential strategy to decide on what Noise protocol patterns fit is to first look at the most dominant use-case(s) of waku2 e.g., maybe as the messaging layer of Ethereum, and then identify the assumptions and security requirements around that use-case e.g., parties have pre-shared keys or not, one-side or two-side authentication is needed or not, what resources are available at parties (might affect the type of encryption or the underlying curve). By having a rough idea bout all these, we can adopt a Noise protocol pattern accordingly and proceed with that.
D4nte
commented
2 years ago For a js-waku point of view, the main question is whether there are cryptographic libraries readily available to implement the proposed encryption scheme(s) and whether js-libp2p-crypto is among them. Also, this was mentioned: https://github.com/libp2p/specs/issues/355#issuecomment-905870745 As we are part of the libp2p and Ethereum domain, we need to be aware whether the proposed encryption protocols stray from the de facto protocols used in both domain to ensure we foresee possible issues.
fryorcraken
commented
1 year ago I am guessing this can be updated as noise protocols were delivered (I see some boxes that could be ticked)
oskarth
commented
1 year ago ^ @s1fr0
Problem
We want to provide a simple, modern, and secure way for developers building on top of Waku to provider conversational security guarantees for their platforms.
For historical reasons, the way this is currently done is quite complex:
This means we don't have a simple and modern way to provide secure messaging with excepted security guarantees for platforms other than Status that works in browsers etc.
With modern frameworks such as Noise (https://noiseprotocol.org) that act as an evolution of things like Double Ratchet (same author), as well as a schelling point for the p2p space (used in libp2p and Ethereum 2 spec, as well as WireGuard and Lightning), there should be room for simplification here. It also has multiple implementations.
This would also complete the story of Waku, where users get conversational security out of the box, without having to re-implement the Status protocol (say) or come up with their own solution.
Proposed solution
We want to introduce a new experimental version 2 spec and implementation for Waku payload encryption https://rfc.vac.dev/spec/14/#payload-encryption
It should provide for basic and excepted security properties such as: confidentiality, authenticity, integrity, as well as some forms of unlinkability and forward secrecy.
Ideally, it'd provide a superset of current capabilities that are provided for with RFC 26 and SPEC 5, i.e.:
Use of more modern primitives, such as ChaChaPoly and similar, would also be interesting. Ditto providing for Zero-RTT and identity hiding (?).
Trade-offs
We acknowledge that this wouldn't have compatibility with the current Status secure chat protocol. There's not currently a strongly identified user for this, but we expect that this will be desired among non Status users.
Since it is unlikely all security and usability properties can be achieved simultaneously, there is likely to be some form of modularity in the spec. I.e. where certain Noise patterns are encouraged and/or required.
Other trade-offs that have to be considered are:
Additional context
Laundry list of some things that be improved in encrypted Waku Payload: https://github.com/vacp2p/rfc/issues/414
Specs:
Code:
Other notes
Long term, we are also interested in things such as:
However, these are out of scope for this issue.
Acceptance criteria