* "Presence" messages sent in clear by the server to indicate a user has entered or left the room
== Cleartext User messages from users ==
=== QUERY ===
* Contains a nonce
* Requests anyone to send a MEMBER_LIST
=== MEMBER_LIST ===
* Lists Contains the sequence number and nonce of the QUERY it's responding to * Lists Contains the transcript hash for the QUERY* Contains a certificate for each member at the time of its parentthe QUERY
=== JOIN ===
* Lists the Contains a certificate for the new memberĀ == Encrypted messages ==
=== CONFIRM ===
* Uses pairwise TripleDH between sender and recipient keys, i.e.
HASH( DH(A_id, B_eph) || DH(A_eph, B_id) || DH(A_eph, B_eph) )
* Contains a the sequence number for its parent* The transcript hashand membership of its parent is included as "additional authenticated data"
=== DATA ===
* Encrypted under the sender's "sender key"
* Contains a transcript hash
* Ed25519 signature from the sender's ephemeral public key
* Contains the sequence number for its parent
* The transcript hash and membership of its parent is included as "additional authenticated data"
= Algorithms =
On entering a room, a user sends a QUERY. Someone will respond with a MEMBER_LIST. If two users try to join simultaneously, the second QUERY will not be responded to until the first user has finished joining.
On receiving a MEMBER_LIST, the new user learns the room's membership , transcript hash, and sequence numbersnumber for the QUERY message. To finish joining, the new user sends a JOIN, including a CONFIRM for each existing member. Each member will respond to her JOIN message with a CONFIRM, containing a new sender key.
Until the new user has finished joining, existing members continue exchanging DATA with their old sender keys. Once the last confirmation has been received, existing users switch to their new sender keys.
On entering a room, a user sends a QUERY. Someone will respond with a MEMBER_LIST. If multiple users try to join simultaneously, they will all be responded to immediately.
On receiving a MEMBER_LIST, the new user learns the room's membership , transcript hash, and sequence numbersnumber for the QUERY message. To finish joining, the new user sends a JOIN, including a CONFIRM for each existing member. Each member will respond to her JOIN message with a CONFIRM, containing their current sender key.
The new user is part of the group once her JOIN message is received. This means that DATA can be sent between group members who have not yet confirmed each other.
[[Category: mpOTR]]