Tracking: Loosen Key Package Upload Validation #399

neekolas · 2024-08-14T03:52:46Z

The goal of this project is to allow clients to upload key packages before publishing identity updates. While we are rolling out these changes, we can do a bit of cleanup of some of the legacy APIs that predate the identity work.

Because of some frontend->backend dependencies, we'll need to roll this out in at least two phases.

Phase 1

Tasks

Give feedback

Change logic in RegisterInstallation and UploadKeyPackage to not validate that the key package is part of a given inbox. Instead it should just validate the signatures and extract the installation ID.
Update database schema to not store the inbox_id on installations, since we don't have that trusted information after the first change. Also remove the expiration field
Update client to call UploadKeyPackage before publishing an identity update adding the installation
Remove RegisterInstallation and GetIdentityUpdates APIs from the libxmtp traits
Make the ValidateInboxIdKeyPackages endpoint in the validation service stop checking the lifetime of key packages, since that check will panic if the lifetime is not set
Stop setting a lifetime on new key packages. This will prevent them from expiring
Options

Phase 2

Tasks

Give feedback

Roll out changes from phase 1 to all clients
In the PublishIdentityUpdate flow, check to make sure the installation is already registered. Reject any identity updates that reference an installation that does not have a key package stored in the DB.
Remove RegisterInstallation, RevokeInstallation and GetIdentityUpdates from the protos and server
Remove ValidateInboxIds and ValidateKeyPackages endpoints from the MLS validation service and protos
Options

The text was updated successfully, but these errors were encountered:

### TL;DR Implements parts of xmtp/xmtp-node-go#399 - Uses `UploadKeyPackage` instead of `RegisterInstallation` so we can deprecate the register installation endpoint - Uploads key package _before_ publishing the identity updates for new installations. This ensures that any installation seen in an identity update must have a matching key package. - No longer checks the lifetime of key packages when verifying ## AI Assisted Summary ### What changed? - Removed expiration checks and set expiration to 0 in MLS validation service - Updated the client registration process to register identity before applying signature request - Renamed `register_installation` to `upload_key_package` in API client calls - Removed lifetime validity checks from key package verification

neekolas self-assigned this Aug 14, 2024

This was referenced Aug 14, 2024

Remove inbox validation for uploading key packages #400

Merged

Upload key package before publishing identity updates xmtp/libxmtp#962

Merged

neekolas mentioned this issue Sep 4, 2024

Remove defunct protos xmtp/proto#202

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tracking: Loosen Key Package Upload Validation #399

Tracking: Loosen Key Package Upload Validation #399

neekolas commented Aug 14, 2024 •

edited

Loading

Tasks

Tasks

Tracking: Loosen Key Package Upload Validation #399

Tracking: Loosen Key Package Upload Validation #399

Comments

neekolas commented Aug 14, 2024 • edited Loading

Phase 1

Tasks

Phase 2

Tasks

neekolas commented Aug 14, 2024 •

edited

Loading