Switch to MLS

[expede]

👀 Preview

Changelog

Raw Tech

• Switch to X25519 ECDH
  • Include rationale vs WebCrypto P-256 in FAQ
  • Add implementation recommendation for non-extractable keys
• Leave in steps up to 3a
• Change 2b from secret init to beginning of MLS handshake
• Change 4b to use the MLS Credential step (double check that this is more than an ID)
• Regular MLS from 4b onwards

Formatting

• Renumber all the MD headers

Issues

• Closes Double Ratchet -> MLS #15

[icidasset]

Very well written! Almost as if you've done this before 😜

I noticed a few typos here and there, but otherwise this is looking great. I think I have a good idea how to implement this. The MLS part isn't super clear yet (as indicated by comment on section 6), but I'm sure that'll improve once I read more about it.

[expede]

@icidasset

The MLS part isn't super clear yet (as indicated by comment on section 6)

I'm like 99% sure that this works from a spec perspective, but the one part that I wonder about is if we'll need to contriubte upstream to OpenMLS to allow UCANs at the credentials step.

pub enum MlsCredentialType {
    Basic(BasicCredential),
    X509(Certificate),
}

pub struct BasicCredential {
    identity: VLBytes,
}

UCAN is like a much cleaned up and modernized X.509 (though formatted VERY differently). I think that we can hack it into the existing BasicCredential if OpenMLS gives you an opportunity to inspect that payload before continuing (which it will certainly do with X.509). If not, we may need to PR something like:

pub enum MlsCredentialType {
    Basic(BasicCredential),
    X509(Certificate),
    Ucan(UcanCredential), // <---
}

...or more general...

pub enum MlsCredentialType {
    Basic(BasicCredential),
    X509(Certificate),
    Cutstom(CustomCert), // <---
}

pub struct CustomCert { // <---
    certBytes: VLBytes, // <---
}

📚 Resources

• OpenMLS book: https://openmls.tech/openmls/book/index.html
• OpenMLS docs: https://openmls.tech/openmls/book/index.html