Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

initial MMP protocol draft #899

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from

Conversation

kdenhartog
Copy link

@kdenhartog kdenhartog commented Aug 27, 2024

This is the initial protocol specification for sending messages larger than 512 characters between two parties using ZIP-302 via IPFS. It's been intentionally designed to be extensible in order to allow for additional storage, cryptography, or other more comprehensive protocol behavior while still keeping it simple and interoperable to start.

I still need to do another editing pass through it before I'd think it's read to be merged, but I wanted to get this published out there so we can start getting early review from the community on it.

@kdenhartog kdenhartog force-pushed the kdh/media-memos-protocol branch from 7a712bb to b257a2d Compare August 28, 2024 05:42
zips/zip-tbd1.md Outdated Show resolved Hide resolved
Copy link
Contributor

@nuttycom nuttycom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initial comments; reviewed with @str4d, @daira, @arya2 and @conradoplg.

zips/zip-tbd1.md Outdated Show resolved Hide resolved
zips/zip-tbd1.md Show resolved Hide resolved
zips/zip-tbd1.md Outdated Show resolved Hide resolved
zips/zip-tbd1.md Outdated Show resolved Hide resolved
zips/zip-tbd1.md Outdated Show resolved Hide resolved
zips/zip-tbd1.md Outdated

## ABNF definition of message URI syntax
mmp-uri = mmp ":" version ":" cid query-params
mmp-uri = /1*512VCHAR; Limit to 512 ASCII VCHARs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is VCHAR the correct choice here? Should this be a smaller character set? Perhaps pchar / "?"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To avoid parsing issues with URI libraries, it does make sense to keep this URI safe. However, because this needs maximum extensibility such that a version has the versatility it might need with various reserve characters I'm thinking it makes sense to make this unreserved / reserved which I think would be correct here in saying that any URI safe character can be used as long as the total length is less than 512 characters.

Does that sound good to you?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The important thing is that parsing ambiguities aren't introduced here. Also, since this isn't valid ABNF (to have two productions with different constraints) there should be some other mechanism used to express this constraint.

Copy link
Author

@kdenhartog kdenhartog Oct 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The important thing is that parsing ambiguities aren't introduced here.

Agreed, will make sure that this is complying with the URI spec.

Also, since this isn't valid ABNF (to have two productions with different constraints) there should be some other mechanism used to express this constraint.

I believe this would be valid ABNF under: https://datatracker.ietf.org/doc/html/rfc5234#section-3.3

The reason I used this method was to make it clear the maximum length of the entire URI is meant to be 512 characters. If there's a way to do that within a single rule, I'm happy to change it but with the variability of length for the message-location and query-params sections it wasn't clear to me how to do it other than this way.

zips/zip-tbd1.md Outdated Show resolved Hide resolved
zips/zip-tbd1.md Outdated
In all versions of the Media Memo Protocol that require passing a secret key between sender and recipients the key parameter MUST be used to. The key parameter MUST be the first query parameter if used so it should follow directly after a ? symbol. Reuse of this query parameter for many protocols will ensure the greatest possible interoperability.

### ABNF for Encryption Key Query Parameter
encrypt-key-param = "key=" 1*64VCHAR
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't define the ttl field that you show in your example; under the current ABNF, it would need to be part of the encrypt-key-param production, which is required to appear first. Instead of defining an explicit initial encrypt-key-param production that must appear before other query parameter pairs, permit an arbitrary order and then just require the key and potentially ttl (if intended) keys be present in prose.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also: the key should appear in a fragment, not as a query parameter, as it should NOT be sent to the server (if processed by a naive parser.)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The various options I considered here were:

  1. Add an additional : delimited section after version, but before the message location that is the key, but this becomes weird if someone opts to not have a key all together in a version. This could be solved with an empty section that produces :: if we want and saves a few bytes.
  2. Reserve use of fragments for passing the key only and prevent usage of other fragments from being used
  3. query parameter specific so that it can be dropped or added as needed.

The reason I opted to go with the query parameter option is that I expected that the parsers would handle this fine, but as soon as someone passed this to a URL resolver it would fail in which case it wouldn't make a network call at all. The one edge case that I can think of here is the registration of custom scheme handlers in operating systems and some browsers which may end up passing the URI around locally on device, but would likely still fail to resolve them in which case I couldn't see a reason that the query parameter didn't make sense.

However, in looking into the behavior of fragments a bit more for different media types, it does look possible to define multiple such as the example for PDFs.

In this case, I'm convinced that using fragments is the better option here but will keep the syntax matching what's described (well with some modifications to the characters that can be used as the questions above around VCHAR apply here too).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, I opted to just drop the ttl example from this spec. Instead it seems more relevant that this is defined in the actual v1 spec.

@kdenhartog
Copy link
Author

This is great feedback @nuttycom - I'll come back to this next week and address each of the comments. Thanks to you and the others for reviewing this!

kdenhartog and others added 2 commits October 3, 2024 13:57
Some good feedback provided around ABNF irregularities which led to
a simpler ABNF. Additionally updated some spec text to align with
the new ABNF definitions.

Co-authored-by: Kris Nuttycombe <[email protected]>
Co-authored-by: Jack Grigg <[email protected]>
Co-authored-by: Daira-Emma Hopwood <[email protected]>
Co-authored-by: Arya <[email protected]>
Co-authored-by: Conrado Gouvea <[email protected]>
@kdenhartog
Copy link
Author

Ok, I believe this should address all the great feedback provided so far. This actually seemed to simplify the ABNF definitions once I thought through it a bit more too.


## Encryption process

The Message Encryption process MUST utilize the secretbox construction from libsodium with the authentication tag attached. The XSalsa20Poly1305 stream cipher MUST be used also. In order to ensure proper usage both the key and nonce MUST not be reused. For this reason it is RECOMMENDED that implementers leverage the `crypto_secretbox_easy` API in libsodium.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note from ZECC Summit: we do not currently depend on XSalsa20Poly1305 anywhere in the Zcash protocol, and use ChaCha20Poly1305 (in particular the IETF version specified in RFC 7539) for the encrypted memos in which the MMP would be stored. It therefore would be simpler (and have a smaller security surface) to use ChaCha20Poly1305 for MMP. The length limit of 1GB means that any differences in maximum length between XSalsa20Poly1305 and ChaCha20Poly1305 do not matter.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this note @str4d. I'm happy to change this. For the second sentence ("It is RECOMMENDED...") do we have any implementation APIs we might want to point to as a reference?

Also, just confirming that we're good with using RFC 7539 vs XChacha20Poly1305 as defined in draft-arciszewski-xchacha-03 . I'd personally prefer consistency around algorithms for a baseline if possible, so whatever is used already is likely the best.


### Message Availability

Due to the nature of the tradeoffs on the [^IPFS] network there is not a guarantee that content will remain pinned or be replicated by others on the network. Especially since the content is encrypted and therefore unable to be seen by the sender or recipient. For this reason senders SHOULD expect to pin the message on the network for at least 7 days so that the recipient has enough time to retrieve the message. Implementations may opt to use a separate pinning service to extend this time period further. This time period that the sender intends to pin the message MUST be communicated to the recipient via the ttl query parameter.
Copy link

@emersonian emersonian Jan 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've been working on a prototype that uses Arweave for permanent file storage, referenced by memos in Zcash. I'd love to adopt this standard that you proposed, but I cannot rely on IPFS for my use case. I'd love to see Arweave added as a second storage option, and I'm happy to add support for IPFS on my side as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants