General improvements to WakuRelay spec #316
Conversation
content/docs/rfcs/11/README.md
Outdated
|
|
||
| **Protocol identifier***: `/vac/waku/relay/2.0.0-beta2` | ||
| `WakuRelay` specifies a [Publish/Subscribe approach](https://docs.libp2p.io/concepts/publish-subscribe/) to peer-to-peer messaging with a strong focus on privacy, censorship-resistance, security and scalability. |
There was a problem hiding this comment.
Instead if WakuRelay I'd call this 11/WAKU2-RELAY (ditto other parts of the spec)
content/docs/rfcs/11/README.md
Outdated
|
|
||
| **Protocol identifier***: `/vac/waku/relay/2.0.0-beta2` | ||
| `WakuRelay` specifies a [Publish/Subscribe approach](https://docs.libp2p.io/concepts/publish-subscribe/) to peer-to-peer messaging with a strong focus on privacy, censorship-resistance, security and scalability. |
There was a problem hiding this comment.
I'd add all the unique links to a Reference section at the end, so we know what we are building on / make sure it is a canonical place / no dead links etc. No need for reference number though, just in addition to what exists now.
content/docs/rfcs/11/README.md
Outdated
|
|
||
| # Security Requirements | ||
|
|
||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). Note that data confidentiality, integrity, and authenticity are currently considered out of the scope of the `WakuRelay` protocol and must be handled by the upper-level protocols such as [WakuMessage](https://github.com/vacp2p/specs/blob/master/specs/waku/v2/waku-message.md). | ||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). |
There was a problem hiding this comment.
Formatting - the spacing looks bigger than one newline but maybe this is just GH preview? (Same in other places, but doesn't look like newline or newspace)
There was a problem hiding this comment.
Mmm, interesting. There's only a single LF-character each after lines 24 and 25. Think this may be a preview thing - there were double LFs elsewhere, which I've fixed in aeae2b5.
content/docs/rfcs/11/README.md
Outdated
|
|
||
| # Security Requirements | ||
|
|
||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). Note that data confidentiality, integrity, and authenticity are currently considered out of the scope of the `WakuRelay` protocol and must be handled by the upper-level protocols such as [WakuMessage](https://github.com/vacp2p/specs/blob/master/specs/waku/v2/waku-message.md). | ||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). | ||
| Note that data confidentiality, integrity, and authenticity are currently considered out of scope for the `WakuRelay` protocol and must be handled by higher layer protocols such as [WakuMessage](https://github.com/vacp2p/specs/blob/master/specs/waku/v2/waku-message.md). |
There was a problem hiding this comment.
Should link to rfc site url
There was a problem hiding this comment.
I think @oskarth was able to use relative links in another PR.
content/docs/rfcs/11/README.md
Outdated
|
|
||
| ## Signature Policy | ||
|
|
||
| The `StrictNoSign` option MUST be used. | ||
| The [`StrictNoSign` option](https://github.com/libp2p/specs/blob/master/pubsub/README.md#signature-policy-options) MUST be used, to ensure that messages are built without the `signature`, `key`, `from` and `seqno` fields. Note that this does not merely imply that these fields be empty, but that they MUST be _absent_ from the marshalled message. |
There was a problem hiding this comment.
What's the significance of this distinction?
There was a problem hiding this comment.
There's a slight semantic difference between an empty field and an absent field in protobuf (an empty field will still have a populated field tag number when marshalled, which could lead to dodgy interpretations when unmarshalled). The latter is specified by PubSub for StrictNoSign, but repeated here as it may be an important implementation requirement for 11/WAKU2-RELAY.
| Integrity and authenticity are typically addressed through digital signatures and Message Authentication Code (MAC) schemes, however, the usage of digital signatures (where each signature is bound to a particular peer) contradicts with the unlinkability requirement (messages signed under a certain signature key are verifiable by a verification key that is bound to a particular publisher). | ||
| As such, integrity and authenticity are missing features in the `WakuRelay` protocol in the interest of unlinkability. | ||
| In future work, advanced signature schemes like group signatures can be utilized to enable authenticity, integrity, and unlinkability simultaneously. | ||
| In a group signature scheme, a member of a group can anonymously sign a message on behalf of the group as such the true signer is indistinguishable from other group members. <!-- TODO: shall I add a reference for group signatures?--> | ||
|
|
||
|
|
||
| # Changelog |
There was a problem hiding this comment.
Given the simplification of lifecycle we could probably do away with this section. Draft means things can change, and once in stable it should only have cosmetic changes
There was a problem hiding this comment.
Do you mean to move this content away from the "Future Work"-section or to remove this section completely, including the content?
There was a problem hiding this comment.
Oh, wait. I realise now that you're probably referring to the Changelog section, not the Future Work section? 😀
Co-authored-by: Sanaz Taheri Boshrooyeh <35961250+staheri14@users.noreply.github.com>
content/docs/rfcs/11/README.md
Outdated
|
|
||
| # Security Requirements | ||
|
|
||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). Note that data confidentiality, integrity, and authenticity are currently considered out of the scope of the `WakuRelay` protocol and must be handled by the upper-level protocols such as [WakuMessage](https://github.com/vacp2p/specs/blob/master/specs/waku/v2/waku-message.md). | ||
| The `WakuRelay` protocol is designed to provide the following security properties under a static [Adversarial Model](#adversarial-model). | ||
| Note that data confidentiality, integrity, and authenticity are currently considered out of scope for the `WakuRelay` protocol and must be handled by higher layer protocols such as [WakuMessage](https://github.com/vacp2p/specs/blob/master/specs/waku/v2/waku-message.md). |
There was a problem hiding this comment.
I think @oskarth was able to use relative links in another PR.
content/docs/rfcs/11/README.md
Outdated
|
|
||
| ## Signature Policy | ||
|
|
||
| The `StrictNoSign` option MUST be used. | ||
| The [`StrictNoSign` option](https://github.com/libp2p/specs/blob/master/pubsub/README.md#signature-policy-options) MUST be used, to ensure that messages are built without the `signature`, `key`, `from` and `seqno` fields. Note that this does not merely imply that these fields be empty, but that they MUST be _absent_ from the marshalled message. |
Co-authored-by: Sanaz Taheri Boshrooyeh <35961250+staheri14@users.noreply.github.com>
This PR closes #266.
It adds improvements to the
WakuRelayspecification, including:WakuRelay's relationship to libp2pGossipSuband the scope of each specificationWire Specification, including how fields must be populated according to aStrictNoSignpolicy. This section should not be a review of PubSub, but a specification ofWakuRelay's use of PubSub.GossipSubworks and has no bearing onWakuRelayand its goals