diff options
Diffstat (limited to 'docs/rfc.md')
| -rw-r--r-- | docs/rfc.md | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/docs/rfc.md b/docs/rfc.md index 8296cfa..854d737 100644 --- a/docs/rfc.md +++ b/docs/rfc.md @@ -180,7 +180,6 @@ Payload is always empty for this type. |------|-----------------------------------------------------------| | 0x01 | Client auth failed. Invalid username or password. | | 0x02 | Not found. User or channel cannot access user or channel. | -| 0x03 | Server auth failed. Unknown name. | ### Handshake @@ -246,7 +245,7 @@ Some operations require multiple rounds of communication. In this case payloads are send in a sequence. Payload that is not part of this specific operation (for example incoming message) cannot interrupt this process. -### Client-Server connection initialisation +## Client-Server connection initialisation ~~~ ascii-art +--------+ +--------+ @@ -259,20 +258,40 @@ specific operation (for example incoming message) cannot interrupt this process. | Send [Handshake] | +--------------------------->| | | - | +- If [ver_major] does not match server - | | protocol version close the connection + | +- If [ver_major] does not match + | | server protocol version close + | | the connection. | | - | Send [UserAuth] | + | Send [UserAuth] | +--------------------------->| | | | Send [Error 0x01] | - |<---------------------------+- If [username] or [password] does not match - | | and close the connection + |<---------------------------+- If [username] or [password] + | | does not match and close + | | the connection. | | | Send [Sucesss] | |<---------------------------+ ~~~ +## Exchanging messages between servers + +Exchanging messages between SOLEC servers is a core concept behind the project. +Sending message to user residing on a different server require estabilishing a +connection between both servers. + + +### Authentication + +Server authentication is crucial to prevent message spoofing and other forms of +abuse. Server cannot use same auth process as clients because that would require +creating account for each server on any other server which is impossible. +Possible solution are TLS or other public key based protocol. + +As for now the issue remains open and server authorization uses mock +[ServerAuth] payload which specifies just the connecting server name. +This is obviously insecure. + ### Server-Server connection initialisation ~~~ ascii-art @@ -286,22 +305,13 @@ specific operation (for example incoming message) cannot interrupt this process. | Send [Handshake] | +--------------------------->| | | - | +- If [ver_major] does not match server - | | protocol version close the connection + | +- If [ver_major] does not match + | | server protocol version close + | | the connection. | | | Send [ServerAuth] | +--------------------------->| | | - | Send [Error 0x03] | - |<---------------------------+- If [name] is not present in known public - | | keys list. - | | | Send [Sucesss] | |<---------------------------+ ~~~ - -## Server to server operation - -Exchanging messages between SOLEC servers is a core concept behind the project. -Sending message to user residing on a different server require estabilishing a -connection between both servers. |