feat(56/STATUS-COMMUNITIES): initial draft #567
Conversation
rymnc
changed the title
content/docs/rfcs/53/README.md
Outdated
| # Design Requirements | ||
|
|
||
| Due to the nature of organizations, the following requirements are necessary for the design of organization chats - | ||
|
|
||
| 1. The Organization owner is trusted. | ||
| 2. The Organization owner can add or remove peers from the Organization. | ||
| 3. The Organization owner can add or remove channels. | ||
| 4. The peers in the Organization can send/receive messages to the channels which they have access to. | ||
| 5. Organizations may be encrypted or unencrypted (public). | ||
| 6. An Organization is uniquely identified by a public key. | ||
| 7. The public key of the Organization is shared out of band. | ||
| 8. The metadata of the Organization can be found by listening on a content topic derived from the public key of the Organization. | ||
| 9. Peers part of an Organization run their own infrastructure. |
There was a problem hiding this comment.
@felicio can you confirm if these assumptions are OK?
There was a problem hiding this comment.
LGTM, just,
- The Organization owner is trusted.
I'd replace org for community.
- The Organization owner can add or remove peers from the Organization.
Specifically, those are kick and ban ops (ref https://discord.com/channels/624205794384281629/730410574428504166/1020292913768443985).
- The Organization owner can add or remove channels.
And edit ofc, but dunno how taxative we wanna be here.
- Organizations may be encrypted or unencrypted (public).
Might be better to primarily distinguish them as private and public (ref https://discord.com/channels/624205794384281629/1048212980904501329/1052603998714220564).
Also, and maybe just as an fyi, public communities are "de facto unencrypted" atm. Since they're encrypted with a symmetric key, which is however obtainable by anyone (ref. https://discord.com/channels/864066763682218004/865466680129880074/1058202405583474688). If you'd be questioning this, I'd probably agree with you.
- Peers part of an Organization run their own infrastructure.
Meaning running Store or Relay protocols, for example? Web clients don't do that for instance.
There was a problem hiding this comment.
Also, admin role, in addition to the owner, def at https://discord.com/channels/624205794384281629/697843216048717905/1022799536495796224.
There was a problem hiding this comment.
- The peers in the Organization can send/receive messages to the channels which they have access to.
Members may be more suitable naming.
There was a problem hiding this comment.
Given op thread at https://discord.com/channels/864066763682218004/1064649971497971862/1065146990540902400, do you think the following is worth mentioning here too:
- the periodic publishing
- the clock
- the token-gating
- waku protocols in use
- back-ups
- notifications
There was a problem hiding this comment.
Thanks for your feedback.
There are a couple things we need to discuss though -
- Since status communities "implements" this spec, the implementation details of web clients will be omitted, as this only serves as a way on how communities work.
- unencrypted vs encrypted communities: as per my understanding of the message you shared, it is possible to derive the key of public communities. Is there a reason we're encrypting messages from public communities at all?
- Based on naming in other specs, let's try to stick to "peers" instead of "members". No strong opinion here, but can change it if it's required.
- I agree that we need to mention periodic publishing, clock, waku protocols in use, and backups. I believe token gating is still being workshopped, so a new PR to this rfc can discuss token gating and relevant ideas/issues there. I'll add it to future work for now.
- Imo we don't need to specify how notifications are delivered.
Addressed some of your concerns in 6352e9f
There was a problem hiding this comment.
Roger that.
Addressed some of your concerns in 6352e9f
Nice. Would you agree to move "To store and retrieve messages for offline devices" line to "SHOULD" section too instead of "MAY"? Without it, users wouldn't be able to fetch historical messages, for example.
Is there a reason we're encrypting messages from public communities at all?
I don't have a better answer, I'm sorry. @fryorcraken, please do you?
There was a problem hiding this comment.
Done, moved WAKU2-STORE to the "SHOULD" section
There was a problem hiding this comment.
Is there a reason we're encrypting messages from public communities at all?
I don't have a better answer, I'm sorry. @fryorcraken, please do you?
Sorry, I don't know either, would need to ask @cammellos
There was a problem hiding this comment.
Historical reasons, it was always a requirement for waku-1/whisper that messages have to be encrypted when sent over the network (there used to be support for unencrypted but it was dropped).
One benefit is that it provides some level of obscurity, since if you don't know/share the public key of the community, traffic can't be encrypted, but it's very bland and that's why we consider them unencrypted.
rymnc
changed the title
rymnc
changed the title
rymnc
changed the title
rymnc
changed the title
content/docs/rfcs/56/README.md
Outdated
| slug: 56 | ||
| title: 56/STATUS-COMMUNITIES | ||
| name: Status Communities that run on Waku v2 | ||
| status: raw |
There was a problem hiding this comment.
This should be draft and correspond with actual code running Communities I think
There was a problem hiding this comment.
Addressed in 4d11e7a. It is almost 1:1 with the implementation, just a few features which are too large to mention here can be present in follow-up rfcs (backup/sync protocol, archival protocol, etc)
|
|
||
| 1. The Community owner generates a public/private key pair. | ||
| 2. The Community owner configures the Community metadata, according to the wire format "CommunityDescription". | ||
| 3. The Community owner publishes the Community metadata on a content topic derived from the public key of the Community. |
There was a problem hiding this comment.
More details on topic usage would be useful
There was a problem hiding this comment.
Confirmed 👍, just
keccak-256 hash of the result MUST be used as the content topic
the hash is encoded as hex and what's used as a topic is this https://rfc.vac.dev/spec/23/#bridging-waku-v1-and-waku-v2 construct.
Code for ref,
- https://github.com/status-im/status-go/blob/f6dc6f752a/wakuv2/common/topic.go#L66-L70
- https://github.com/status-im/status-go/blob/f6dc6f752ac87ff3f05e235aec18ad2bc36da791/protocol/transport/topic.go#L20-L23
32 bytes and used as the content topic
Same as above would apply.
There was a problem hiding this comment.
Great! thanks, I'll mention the hex-encoding
There was a problem hiding this comment.
Thank you for the RFC ❇️
I left some in-line comments.
My take on the peers vs members discussion:
I'd use member when you refer to members of a status community, or members associated with a specific content topic. I'd use node/peer for the respective entities on the Waku relay layer.
I use node to refer to the own node, or some nodes from a bird-eye view; and peers to refer to nodes from the perspective of some node. E.g. a node is connected to peers; our node discovers peers, etc.
edit:
accidentally pressed approve. These were just intermediate comments, I'll do another review later.
content/docs/rfcs/56/README.md
Outdated
| The messages in a channel are broadcasted to all the users in the channel. | ||
|
|
||
| A regular group chat between two or more peers reduces to a 1:1 chat between each peer and the other peers. | ||
| One mechanism for 1:1 chats is described in [55/STATUS-1TO1-CHAT](/spec/55/). |
There was a problem hiding this comment.
Imo, the difference between a group chat and a community should be made clearer.
I assume, the current explanation would confuse somebody new to Status communities.
Maybe:
The purpose of Status communities, as specified in this document, is allowing for large group chats.
Communities can have further substructure, e.g. specific channels.
Smaller group chats, on the other hand, are out of scope for this document and can be built over 55/STATUS-1TO1-CHAT. We refer to these smaller group chats simply as "group chats", to differentiate them from Communities.
[continue with your explanation]
content/docs/rfcs/56/README.md
Outdated
|
|
||
| A regular group chat between two or more peers reduces to a 1:1 chat between each peer and the other peers. | ||
| One mechanism for 1:1 chats is described in [55/STATUS-1TO1-CHAT](/spec/55/). | ||
| The key-exchange mechanism MUST be X3DH, as described in [53/WAKU2-X3DH](/spec/53/). |
There was a problem hiding this comment.
For 1:1 chat?
If it MUST be X3DH, why does it leave implicit SHOULD or MAY above:
One mechanism for 1:1 chats is described in
Maybe:
[...] for group chats based on 55/STATUS-1TO1-CHAT the key-exchange mechanism MUST be X3DH...
| ### Community Leave Flow | ||
|
|
||
| 1. A peer requests to leave a Community by sending a "CommunityRequestToLeave" message to the Community. | ||
| 2. The Community owner MAY accept or reject the request. |
There was a problem hiding this comment.
Why might a member not be allowed to leave 😅 ?
There was a problem hiding this comment.
As per the current implementation, the owner has control over this process in the community.
| 3. [53/WAKU2-X3DH-SESSIONS](/spec/54/) - To handle session keys | ||
| 4. [14/WAKU2-MESSAGE](/spec/14/) - To wrap community messages in a Waku message | ||
| 5. [13/WAKU2-STORE](/spec/13/) - To store and retrieve messages for offline devices | ||
|
|
There was a problem hiding this comment.
Note: We should link the scaling BCP RFC here once it is done.
| The peer MAY back up their local settings, by encrypting it with their public key, and sending it to a given content topic. | ||
| The peer MAY then rely on this backup to restore their local settings, in case of a data loss. | ||
| This feature relies on [13/WAKU2-STORE](/spec/13/) for storing and retrieving messages. | ||
|
|
There was a problem hiding this comment.
We have to analyse this (or at least keep this in mind) in regards to scaling.
| The clock used in the wire format refers to the Lamport timestamp of the message. | ||
| The Lamport timestamp is a logical clock that is used to determine the order of events in a distributed system. | ||
| This allows ordering of messages in an asynchronous network where messages may be received out of order. | ||
|
|
There was a problem hiding this comment.
Note: This might duplicate features of Waku and add unnecessary complexty. Depends on how Message ID evolves.
Co-authored-by: kaiserd <[email protected]>
|
|
||
| The following Waku protocols MAY be used to implement Status Communities - | ||
|
|
||
| 1. [12/WAKU2-FILTER](/spec/12/) - Content filtering for resource restricted devices |
There was a problem hiding this comment.
Why is light push not mentioned here?
| This extends to banning and kicking members. | ||
| 4. The Community owner can add, edit and remove channels. | ||
| 5. Community members can send/receive messages to the channels which they have access to. | ||
| 6. Communities may be encrypted (private) or unencrypted (public). |
There was a problem hiding this comment.
My understanding is that public communities were dropped out. @John-44 can you confirm?
| 1. The Community owner generates a public/private key pair. | ||
| 2. The Community owner configures the Community metadata, according to the wire format "CommunityDescription". | ||
| 3. The Community owner publishes the Community metadata on a content topic derived from the public key of the Community. | ||
| the Community metadata SHOULD be encrypted with the public key of the Community. <!-- TODO: Verify this--> |
There was a problem hiding this comment.
Still a todo? Cc @felicio
| 2. The Community owner configures the Community metadata, according to the wire format "CommunityDescription". | ||
| 3. The Community owner publishes the Community metadata on a content topic derived from the public key of the Community. | ||
| the Community metadata SHOULD be encrypted with the public key of the Community. <!-- TODO: Verify this--> | ||
| The Community metadata MAY be sent during fixed intervals, to ensure that the Community metadata is available to members. |
There was a problem hiding this comment.
Would be good to define the current practice (what interval is used?) as this will help with the correctness of simulations.
There was a problem hiding this comment.
I could not find instances of the community description being published periodically in status-go except when a change in the community description or control message happens.
There was a problem hiding this comment.
There was a problem hiding this comment.
As per @felicio, https://discord.com/channels/864066763682218004/1065146990540902400/1067769073678680126
It's broadcasted every hour.
|
|
||
| 1. The peer is invited to join a Community by the Community owner, by sending a "CommunityInvitation" message. | ||
| 2. A peer generates a public/private key pair. | ||
| 3. The peer decrypts the "CommunityInvitation" message, and verifies the signature. |
There was a problem hiding this comment.
back to my comment above. How does the peer decrypt the message? I guess not with the key it just generated.
There was a problem hiding this comment.
Made it more clear in 3690bab
content/docs/rfcs/56/README.md
Outdated
| The content topic that Community channels/chats use MUST be the hex-encoded keccak-256 hash of the public key of the community concatenated with the chat id. | ||
|
|
||
| ``` | ||
| contentTopic = hex(keccak256(compressedPublicKey + chatId)) |
| 2. The Community owner configures the Community metadata, according to the wire format "CommunityDescription". | ||
| 3. The Community owner publishes the Community metadata on a content topic derived from the public key of the Community. | ||
| the Community metadata SHOULD be encrypted with the public key of the Community. <!-- TODO: Verify this--> | ||
| The Community metadata MAY be sent during fixed intervals, to ensure that the Community metadata is available to members. |
There was a problem hiding this comment.
I could not find instances of the community description being published periodically in status-go except when a change in the community description or control message happens.
|
|
||
| ### Community Ban Flow | ||
|
|
||
| 1. The Community owner adds a member to the ban list, revokes their grants, and publishes the updated Community metadata. |
There was a problem hiding this comment.
When an user is banned a re-key also happens if the community is encrypted. Should that be mentioned here?
Co-authored-by: fryorcraken.eth <[email protected]> Co-authored-by: RichΛrd <[email protected]>
Part of the effort described in waku-org/pm#12
Porting the status community spec to vac research (app-protocol):
vacp2p/research#166
Companion PR - #569