diff --git a/diagrams/simplex-messaging/simplex-creating-alt.mmd b/diagrams/simplex-messaging/simplex-creating-alt.mmd deleted file mode 100644 index 922a54901..000000000 --- a/diagrams/simplex-messaging/simplex-creating-alt.mmd +++ /dev/null @@ -1,16 +0,0 @@ -sequenceDiagram - participant B as Bob (sender) - participant S as server (conn. ID) - participant A as Alice (recipient) - - note over B: out-of-band msg
("public" key SK
to sign requests) - B -->> A: 1. send out-of-band message to Alice - - note over A: creating connection:
- connection ID
- key RK to retrieve
- key SK to send - A ->> S: 2. create secure connection - S ->> A: respond with connection URIs - - note over A: out-of-band msg
- sender conn. URI
- key EK to encrypt - A -->> B: 3. send out-of-band message to Bob - - note over S: 4. secure
connection ID
is established! diff --git a/diagrams/simplex-messaging/simplex-creating-alt.svg b/diagrams/simplex-messaging/simplex-creating-alt.svg deleted file mode 100644 index 11a4ed750..000000000 --- a/diagrams/simplex-messaging/simplex-creating-alt.svg +++ /dev/null @@ -1,505 +0,0 @@ -Bob (sender)server (conn. ID)Alice (recipient)out-of-band msg ("public" key SK to sign requests)1. send out-of-band message to Alicecreating connection: - connection ID - key RK to retrieve - key SK to send2. create secure connectionrespond with connection URIsout-of-band msg - sender conn. URI - key EK to encrypt3. send out-of-band message to Bob4. secure connection ID is established!Bob (sender)server (conn. ID)Alice (recipient) \ No newline at end of file diff --git a/diagrams/simplex-messaging/simplex-creating.mmd b/diagrams/simplex-messaging/simplex-creating.mmd index c0edf03ba..4a395b25a 100644 --- a/diagrams/simplex-messaging/simplex-creating.mmd +++ b/diagrams/simplex-messaging/simplex-creating.mmd @@ -1,9 +1,9 @@ sequenceDiagram participant B as Bob (sender) - participant S as server (conn. ID) + participant S as server (conn. RU) participant A as Alice (recipient) - note over A: creating connection
(connection ID and
"public" key RK
for msg retrieval) + note over A: creating connection
("public" key RK
for msg retrieval) A ->> S: 1. create connection S ->> A: respond with connection URIs @@ -17,4 +17,4 @@ sequenceDiagram note over A: decrypt message
("private" key EK) A ->> S: 5. secure connection - note over S: 6. secure
connection ID
is established! + note over S: 6. secure
connection RU
is established! diff --git a/diagrams/simplex-messaging/simplex-creating.svg b/diagrams/simplex-messaging/simplex-creating.svg index 970a1c7ad..e547359ca 100644 --- a/diagrams/simplex-messaging/simplex-creating.svg +++ b/diagrams/simplex-messaging/simplex-creating.svg @@ -1,50 +1,50 @@ -Bob (sender)server (conn. RU)Alice (recipient)creating connection ("public" key RK for msg retrieval)1. create connectionrespond with connection URIsout-of-band msg (sender conn. URI and "public" key EK to encrypt msgs)2. send out-of-band messageaccept connection ("public" key SK for sending messages and any optional info encrypted with "public" key EK)3. confirm connection (req not signed)4. retrieve Bob's message (RK-signed req)decrypt message ("private" key EK)5. secure connection6. secure connection RU is established!Bob (sender)server (conn. RU)Alice (recipient) \ No newline at end of file diff --git a/diagrams/simplex-messaging/simplex-using.mmd b/diagrams/simplex-messaging/simplex-using.mmd index c2b88bb7c..d23567b42 100644 --- a/diagrams/simplex-messaging/simplex-using.mmd +++ b/diagrams/simplex-messaging/simplex-using.mmd @@ -1,10 +1,10 @@ sequenceDiagram participant B as Bob (sender) - participant S as server (conn. ID) + participant S as server (conn. RU) participant A as Alice (recipient) note over B: encrypt message
("public" key EK) - B ->> S: 1. send message (SK-signed req) + B ->> S: 1. send message to SU (SK-signed req) - S ->> A: 2. retrieve messages (RK-signed req) + S ->> A: 2. retrieve messages from RU (RK-signed req) note over A: decrypt message
("private" key EK) diff --git a/diagrams/simplex-messaging/simplex-using.svg b/diagrams/simplex-messaging/simplex-using.svg index 8ecf95742..9200f2756 100644 --- a/diagrams/simplex-messaging/simplex-using.svg +++ b/diagrams/simplex-messaging/simplex-using.svg @@ -1,50 +1,50 @@ -Bob (sender)server (conn. RU)Alice (recipient)encrypt message ("public" key EK)1. send message to SU (SK-signed req)2. retrieve messages from RU (RK-signed req)decrypt message ("private" key EK)Bob (sender)server (conn. RU)Alice (recipient) \ No newline at end of file diff --git a/diagrams/simplex-messaging/simplex.mmd b/diagrams/simplex-messaging/simplex.mmd index 7baa9de7c..c9d4c64ca 100644 --- a/diagrams/simplex-messaging/simplex.mmd +++ b/diagrams/simplex-messaging/simplex.mmd @@ -3,9 +3,9 @@ graph LR VR{{"verify recipient (RK)"}} S(sender) -->|msg| VS - subgraph "server (connection ID)" + subgraph "server (connection RU)" VS --> DB[("storage")] DB --> VR end R(recipient) -->|"1) req"| VR - VR -->|"2) msg"| R + VR -->|"2) msg"| R \ No newline at end of file diff --git a/diagrams/simplex-messaging/simplex.svg b/diagrams/simplex-messaging/simplex.svg index 2a9105735..ea9979477 100644 --- a/diagrams/simplex-messaging/simplex.svg +++ b/diagrams/simplex-messaging/simplex.svg @@ -1,50 +1,50 @@ -
server (connection RU)
msg
1) req
2) msg
storage
verify sender (SK)
verify recipient (RK)
sender
recipient
 \ No newline at end of file diff --git a/simplex-messaging.md b/simplex-messaging.md index 4ebc3cbac..1e9960c18 100644 --- a/simplex-messaging.md +++ b/simplex-messaging.md @@ -41,7 +41,7 @@ The messages sent into the connection are encrypted and decrypted using another ![Simplex connection](/diagrams/simplex-messaging/simplex.svg) -Connection is defined by ID (`ID`) unique to the server, sender URI `SU` and receiver URI `RU`. Sender key (`SK`) is used by the server to verify sender's requests (made via `SU`) to send messages. Recipient key (`RK`) is used by the server to verify recipient's requests (made via `RU`) to retrieve messages. +Connection is defined by recipient URI `RU` unique to the server. It also has a different unique sender URI `SU`. Sender key (`SK`) is used by the server to verify sender's requests (made via `SU`) to send messages. Recipient key (`RK`) is used by the server to verify recipient's requests (made via `RU`) to retrieve messages. The protocol uses different URIs for sender and recipient in order to provide an additional connection privacy by complicating correlation of senders and recipients. @@ -56,14 +56,11 @@ To do it Alice and Bob follow these steps: 1. she decides which simplex messaging server to use (can be the same or different server that Alice uses for other connections). 2. she generates a new random public/private key pair (encryption key - `EK`) that she did not use before for Bob to encrypt the messages. 3. she generates another new random public/private key pair (recepient key - `RK`) that she did not use before for her to sign requests to retrieve the messages from the server. - 4. she generates a unique connection `ID` - generic simplex messaging protocol only requires that: - - it is generated by the client. - - it is unique on the server. - 5. she requests from the server to create a simplex connection. The request to create the connection is un-authenticated and anonymous. This connection definition contains previouisly generated connection `ID` and a uniqie "public" key `RK` that will be used to: + 4. she requests from the server to create a simplex connection. The request to create the connection is un-authenticated and anonymous. This connection request contains previouisly generated uniqie "public" key `RK` that will be used to: - verify the requests to retrieve the messages as signed by the same person who created the connection. - update the connection, e.g. by setting the key required to send the messages (initially Alice creates the connection that accepts unsigned requests to send messages, so anybody could send the message via this connection if they knew the connection URI). - 6. The server responds with connection URIs: - - recipient URI `RU` for Alice to retrieve messages from the connection. + 5. The server responds with connection URIs: + - recipient URI `RU` for Alice to manage the connection and to retrieve messages from the connection. - sender URI `SU` for Bob to send messages to the connection. 2. Alice sends an out-of-band message to Bob via the alternative channel that both Alice and Bob trust (see [Simplex messaging protocol abstract](#simplex-messaging-protocol-abstract) above). The message includes: - the unique "public" key (`EK`) that Bob should use to encrypt messages. @@ -78,11 +75,11 @@ To do it Alice and Bob follow these steps: 4. he sends the encrypted message to the connection URI `SU` to confirm the connection (that Alice provided via the out-of-band message). This request to send the first message does not need to be signed. 4. Alice retrieves Bob's message from the server via recipient connection URI `RU`: 1. she decrypts retrieved message with "private" key `EK`. - 2. even though anybody could have sent the message to the connection `ID` before it is secured (e.g. if communication is compromised), Alice would ignore all messages until the decryption succeeds (i.e. the result contains the expected message structure). Optionally, she also may identify Bob using the information provided, but it is not required by this protocol. -5. Alice secures the connection `ID` so only Bob can send messages to it: + 2. even though anybody could have sent the message to the connection with URI `SU` before it is secured (e.g. if communication is compromised), Alice would ignore all messages until the decryption succeeds (i.e. the result contains the expected message structure). Optionally, she also may identify Bob using the information provided, but it is not required by this protocol. +5. Alice secures the connection `RU` so only Bob can send messages to it: 1. she sends the request to `RU` signed with "private" key `RK` to update the connection to only accept requests signed by "private" key `SK` provided by Bob. - 2. From this moment the server will accept only signed requests, and only Bob will be able to send messages to the `SU` corresponding to connection `ID`. -6. The simplex connection `ID` is now established on the server. + 2. From this moment the server will accept only signed requests, and only Bob will be able to send messages to the `SU` corresponding to connection `RU`. +6. The simplex connection `RU` is now established on the server. **Creating simplex connection from Bob to Alice:** @@ -96,7 +93,7 @@ Bob now can securely send messages to Alice. 2. he signs the request to the server (via `SU`) using the "private" key `SK` (that only he knows, used only for this connection). 3. he sends the request to the server, that the server will verify using the "public" key SK (that Alice provided to the server). 2. Alice retrieves the message(s): - 1. she signs request to the server with the "private" key `RK` (that only she has, used only for this connection). + 1. she signs request to the server with the "private" key `RK` (that only she has, used only for this connection) and sends it to `RU`. 2. the server, having verified Alice's request with the "public" key `RK` that she provided, responds with Bob's message(s). 3. she decrypts Bob's message(s) with the "private" key `EK` (that only she has). @@ -118,17 +115,6 @@ This protocol also can be used for off-the-record messaging, as Alice and Bob ca How simplex connections are used by the participants (graph vertices) is defined by graph-chat protocol and is not in scope of this low level simplex messaging protocol. -## Alternative flow to establish a simplex connection - -When Alice and Bob already have a secure duplex (bi-directional) communication channel that allows to conveniently send two out-of-band messages, a flow with smaller number of steps to establish the connection can be used. - -TODO - -**Alternative flow of creating a simplex connection from Bob to Alice:** - -![Alternative flow of creating connection](/diagrams/simplex-messaging/simplex-creating-alt.svg) - - ## Elements of the generic simplex messaging protocol - defines only message-passing protocol: @@ -149,7 +135,7 @@ TODO - both "public" keys are provided to the server by the connection recepient when the connection is established. - the "public" keys known to the server and used to authenticate requests from the participants are unrelated to the keys used to encrypt and decrypt the messages - the latter keys are also unique per each connection but they are only known to participants, not to the servers. - messaging graph can be asymmetric: Bob's ability to send messages to Alice does not automatically lead to the Alice's ability to send messages to Bob. - - connections are identified by the "connection URI" - server URI and connection ID (`ID`). + - connections are identified by sender and recipient server URIs. [1]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack