Skip to content
This repository was archived by the owner on Jun 5, 2026. It is now read-only.

docs: Reliable Channel API spec#104

Merged
Ivansete-status merged 102 commits into
masterfrom
add-new-reliability-spec
May 1, 2026
Merged

docs: Reliable Channel API spec#104
Ivansete-status merged 102 commits into
masterfrom
add-new-reliability-spec

Conversation

@Ivansete-status

@Ivansete-status Ivansete-status commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

This PR aims to gather the initial Reliable Channel API spec, inspired by the following forum post:

Related Issue

Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
- The `IEncryption` interface MUST be implemented by the caller (e.g., the Chat SDK).
- The Reliable Channel API MUST NOT impose any specific encryption scheme.

## Security/Privacy Considerations

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SDS Contains a senderID, depending on how this will be implemented there is a potential privacy issue with unencrypted public reliability.

[Dust] Add privacy implications for unencrypted reliability

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point! Should we always encrypt the channelId to avoid privacy concerns? We can have a simple/fix encryption for that, without ratcheting in this particular case. wdyt?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we always encrypt the channelId to avoid privacy concerns?

  • Who would have access to this key?
  • How do you get the key to them?

Answering these questions has a major impact on UX. If it work for your use case, its easy enough to derive an encryption keym but depends heavily on the required security level

@jazzz jazzz left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diving deeper into this, I think some extra clarity around Encryption would be helpful.

I'm unsure if the goal is:

  • Encrypt the channel_id so observers cannot correlate channel activity.
  • Provide payload confidentiality
  • Segmentation header encryption to obscure payload sizes
  • All of the above

This makes it hard to evaluate the proposed approach. Being clear around the goals and motivations would make it clearer for readers.

but does not provide high end-to-end delivery guarantees from sender to recipient.
This suggests the purpose of RChans is purely reliability, in which case I would ask why does there need to be Encryption at all? Or segmentation? Spending time to clearly capture the goals would make it easier for developers to know how to use this object

Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
@Ivansete-status

Copy link
Copy Markdown
Contributor Author

(I cannot answer inline in this case)
@jazzz , answering #104 (comment)
This is addressed in 9d79320

@Ivansete-status

Copy link
Copy Markdown
Contributor Author

The commit a267622 adds some more ideas from @fryorcraken in #89 ( I just realised about the 89 after creating this one .)

Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
@Ivansete-status Ivansete-status self-assigned this Apr 23, 2026
Ivansete-status and others added 5 commits April 23, 2026 21:47
Co-authored-by: Igor Sirotin <igor.sirotin.1012@gmail.com>
Co-authored-by: Igor Sirotin <igor.sirotin.1012@gmail.com>
Co-authored-by: Igor Sirotin <igor.sirotin.1012@gmail.com>

@jazzz jazzz left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has seen some real improvement since the last time i reviewed it.

It's become clearer, and there is more of the details that I would want to see.

There are no blocking comments in this review - despite there being many - You can merge when ever you want. Though I'd like to know the plan for addressing the pebbles.

category: Standards Track
status: raw
tags: [reliability, application, api, sds, segmentation]
editor: Logos Messaging Team

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Dust] While not strictly forbidden by 1/COSS. My understanding was multiple editors adds ambiguity to the process. "Who is responsible for changes?", "what if team members disagree?" Choosing a single person responsible for managing the lifecycle of the document, avoids the "diffusion of responsibility"

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah okay, addressed now

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is more the specs team area of expertise.

However: I think you want a single editor, with multiple Contributors. The editor is just the person who is responsible for responding to updates. This can be sorted out later when it gets pushed to Logos-Lips

Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md Outdated
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md
Comment thread standards/application/reliable-channel-api.md
Comment on lines +421 to +426
description: "Decrypts a byte payload. Returns the decrypted payload."
parameters:
- name: payload
type: array<byte>
returns:
type: result<array<byte>, error>

@jazzz jazzz May 1, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Pebble] How are developers supposed to determine if decryption was successful?

If all that is receive is a byte array, and there are multiple encryption keys (because I have multiple reliable channels) - How do I determine I found the right key?

I as the developer have no idea what the payload structure should be because its generated internally. Each decryption will result in a seemingly random series of bytes, If I don't know what I should be expecting.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will tackle that in a separate PR, in lips

- name: content
type: array<byte>
returns:
type: result<array<byte>, error>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Sand] What error type is returned from the encryption function?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same. Let's enhance once in lips.

Comment thread standards/application/reliable-channel-api.md Outdated
1. **Decrypt**: If an `Encryption` implementation is provided, decrypt the segment.
2. **Apply [SDS](https://lip.logos.co/ift-ts/raw/sds.html)**: Deliver the segment to the SDS layer, which emits acknowledgements and detects gaps.
- **Detect missing dependencies and fetch from store**: If SDS detects a gap in the causal history (i.e., a referenced predecessor segment has not yet been received), and considers the message is irretrievably lost,
the implementation MUST attempt to retrieve the missing segment throughout store protocol (store API is never exposed and hence, store queries are handled internally).

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Sand] It would be helpful to explain, that this is what the MessageHash is for.

The MessageId → MessageHash mapping is never really explained

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in ac4883f

@jazzz jazzz left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see there are now plans for the remaining Pebbles. 🚀

@Ivansete-status
Ivansete-status merged commit 95916da into master May 1, 2026
1 check passed
@Ivansete-status
Ivansete-status deleted the add-new-reliability-spec branch May 1, 2026 16:03
@github-project-automation github-project-automation Bot moved this from Code Review / QA to Done in λDelivery May 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

4 participants