Add senderHmac and shouldPush to MessageV2
#519
Conversation
src/keystore/InMemoryKeystore.ts
Outdated
| encrypted: ciphertext, | ||
| senderHmac: await generateHmacSignature( | ||
| keyMaterial, | ||
| new TextEncoder().encode(contentTopic), |
There was a problem hiding this comment.
For the hkdf salt/domain, I would suggest we also include some kind of time-dependent value, such as the number of months since the Unix epoch: xmtp/XIPs#35 (comment). This ensures that we have automatic key rotation
There was a problem hiding this comment.
My worry about the time-dependent value is the complexity of keeping the push server up to date with the correct keys. If we had it roll over at 12am on the first of the month UTC, we'd guarantee that push notifications would not be correctly filtered for some time at the start of each month. Basically would be broken until the app starts up again, which requires integrators to have some sort of wakeup scheduled to refresh keys if they aren't comfortable with extended breakages each month. That's going to be a bigger ask for integrators.
The way to fix this is to have each user pass in not just the current month's key but also the next N months keys for each topic. That's fine, but it makes things more complicated from the push server side. Need to handle expirations etc. Clients would also need to be aware of their last upload time and periodically refresh.
There was a problem hiding this comment.
Summary of discussion:
- We can pass (prev_hmac_key, current_hmac_key, next_hmac_key). That solves any roll over issues.
- We can expose an API that maps (list of topics to subscribe pushes for) -> (hmac keys for topics). Integrators simply need to call it any time the topic list changes, as well as periodically, and upload it if it changes. This only needs to happen every 30 days at most.
Deploying with
|
| Latest commit: |
12895cb
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://72b91495.xmtp-js.pages.dev |
| Branch Preview URL: | https://rygine-sender-hmac.xmtp-js.pages.dev |
rygine
force-pushed
the
rygine/sender-hmac
branch
from
42f16a9
to
b6b388f
Compare
rygine
force-pushed
the
rygine/sender-hmac
branch
2 times, most recently
from
08384e3
to
86063f6
Compare
rygine
changed the title
MessageV2senderHmac and shouldPush to MessageV2
rygine
force-pushed
the
rygine/sender-hmac
branch
from
5320fa9
to
5c59492
Compare
rygine
force-pushed
the
rygine/sender-hmac
branch
from
5c59492
to
12895cb
Compare
|
🎉 This PR is included in version 11.4.0-beta.1 🎉 The release is available on: Your semantic-release bot 📦🚀 |
context: https://community.xmtp.org/t/xip-35-message-sender-identifier-in-topic/509/2
in this PR:
shouldPushtoContentCodectypeshouldPushmethod toTextCodecandCompositeCodecsenderHmacandshouldPushtoMessageV2getV2ConversationHmacKeystoInMemoryKeystoreto retrieve conversation topics and their associated HMAC keysTODO: