|
| 1 | +# Faster connection establishment |
| 2 | + |
| 3 | +## Problem |
| 4 | + |
| 5 | +SMP protocol is unidirectional, and to create a connection users have to agree two messaging queues. |
| 6 | + |
| 7 | +V1 of handshake protocol required 5 messages and multiple HELLO sent between the users, which consumed a lot of traffic. |
| 8 | + |
| 9 | +V2 of handshake protocol was optimized to remove multiple HELLO and also REPLY message, thanks to including queue address together with the key to secure this queue into the confirmation message. |
| 10 | + |
| 11 | +This eliminated unnecessary traffic from repeated HELLOs, but still requires 4 messages in total and 2 times of each client being online. It is perceived by the users as "it didn't work" (because they see "connecting" after using the link) or "we have to be online at the same time" (and even in this case it is slow on bad network). This hurts usability and creates churn of the new users, as unless people are onboarded by the friends who know how the app works, they cannot figure out how to connect. |
| 12 | + |
| 13 | +Ideally, we want to have handshake protocol design when an accepting user can send messages straight after using the link (their client says "connected") and the initiating client can send messages as soon as it received confirmation message with the profile. |
| 14 | + |
| 15 | +This RFC proposes modifications to SMP and SMP Agent protocols to reduce the number of required messages to 2 and allows accepting client to send messages straight after using the link (and sending the confirmation), before receiving the profile of the initiating client in the second message, and the initiating client can send the messages straight after processing the confirmation and sending its own confirmation. |
| 16 | + |
| 17 | +## Solution |
| 18 | + |
| 19 | +The current protocol design allows additional confirmation step where the initiating client can confirm the connection having received the profile of the sender. We don't use it in the UI - this confirmation is done automatically and unconditionally. |
| 20 | + |
| 21 | +Instead of requiring the initiating client to secure its queue with sender's key, we can allow the accepting client to secure it with the additional SKEY command. This would avoid "connecting" state but would introduce "Profile unknown" state where the accepting client does not yet have the profile of the initiating client. In this case we could also use the non-optional alias created during the connection (or have something like "Add alias to be able to send messages immediately" and show warning if the user proceeds without it). |
| 22 | + |
| 23 | +The additional advantage here is that if the queue of the initiating client was removed, the connection will not procede to create additional queue, failing faster. |
| 24 | + |
| 25 | +These are the proposed changes: |
| 26 | + |
| 27 | +1. Modify NEW command to add flag allowing sender to secure the queue (it should not be allowed if queue is created for the contact address). |
| 28 | +2. Include flag into the invitation link URI and in reply address encoding that queue(s) can be secured by the sender (to avoid coupling with the protocol version and preserve the possibility of the longer handshakes). |
| 29 | +3. Add SKEY command to SMP protocol to allow the sender securing the message queue. |
| 30 | +4. This command has to be supported by SMP proxy as well, so that the sender does not connect to the recipient's server directly. |
| 31 | +5. Accepting client will secure the messaging queue before sending the confirmation to it. |
| 32 | +6. Initiating client will secure the messaging queue before sending the confirmation. |
| 33 | + |
| 34 | +See [this sequence diagram](../protocol/diagrams/duplex-messaging/duplex-creating-v6.mmd) for the updated handshake protocol. |
| 35 | + |
| 36 | +Changes to threat model: the attacker who compromised TLS and knows the queue address can block the connection, as the protocol no longer requires the recipient to decrypt the confirmation to secure the queue. |
| 37 | + |
| 38 | +Possibly, "fast connection" should be an option in Privacy & security settings. |
| 39 | + |
| 40 | +## Implementation questions |
| 41 | + |
| 42 | +Currently we store received confirmations in the database, so that the client can confirm them. This becomes unnecessary. |
0 commit comments