Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Conversational Security Specification #13

Closed
7 tasks
oskarth opened this issue Apr 22, 2019 · 4 comments
Closed
7 tasks

Initial Conversational Security Specification #13

oskarth opened this issue Apr 22, 2019 · 4 comments

Comments

@oskarth
Copy link
Contributor

oskarth commented Apr 22, 2019
edited by naghdy
Loading

This should give an overview of how we provide conversational security in Status.

See https://github.com/status-im/specs/blob/master/x6.md for current draft (kudos to @cammellos @pombeirp), as well Adam's initial spec.

The main issue with the current PFS whitepaper is that it treats PFS as a special thing, as opposed to talking about conversational security more generally (this might be more of a naming thing though - in any case it shows that we think of PFS as something (too) special). It's also not clear enough in terms of what guarantees we always make. We might also want to mention aspects like PCS.

As well as general evaluation based on SoK Secure Messaging, see inline doc.

Acceptance criteria

  • Someone can read this and implement a Status client (including links to other specs)
  • They should clarify what security guarantees the protocol(s) provide and don't provide
  • As well as what each protocol/layer requires and provides
  • They should be described as orthogonal pieces, so if someone wants a different transport that should ideally require minimal tweaks to the protocols

In terms of who will judge, it'll be 2-3 main groups initially:

  • Ourselves in protocol group
  • Client implementers (Core, Embark and Nimbus people i.e. status-js and Stratus)
  • Core dev calls participants

Questions spec should answer

Security and Privacy

Confidentiality
Integrity
Authentication
Participant Consistency
Destination Validation
Forward Secrecy
Backward Secrecy
Anonymity Preserving
Speaker Consistency
Causality Preserving
Global Transcript
Message Unlinkability
Message Repudiation
Particip. Repudiation
Adoption

Out-of-Order Resilient
Dropped Message Resilient
Asynchronicity
Multi-Device Support
No Additional Service
Group chat

Computational Equality
Trust Equality
Subgroup Messaging
Contractable
Expandable

Example technologies

Trusted servers (mailservers?)
Double ratchet
X3DH
Prekeys

Also note that multidevice fits here, fyi @decanus
@oskarth oskarth mentioned this issue Apr 22, 2019
Closed
10 tasks
@oskarth
Copy link
Contributor Author

oskarth commented Apr 25, 2019

@adambabik @decanus fyi updated

@oskarth oskarth mentioned this issue Apr 25, 2019
Closed
@oskarth
Copy link
Contributor Author

oskarth commented Apr 26, 2019

Connecting with this issue that is related status-im/bigbrother-specs#7 (comment)

@oskarth
Copy link
Contributor Author

oskarth commented May 20, 2019

Elaborate more on bid process https://github.com/status-im/status-react/blob/c9994b5d0f72377ec51000541e6b02500f8430f5/src/status_im/utils/clocks.cljs

@oskarth
Copy link
Contributor Author

oskarth commented Oct 22, 2019

Largely done; closing as no longer relevant. If we want to do further QA of specs, I suggest we do this through more specific issues.

@oskarth oskarth closed this as completed Oct 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@oskarth