Changes
explain overhead reduction in more detail
When a member u wants to part, they send a "farewell" message m:
* everyone Everyone should explicit-ack this message ASAP** this This message should contain the next-sender-key, to be used after u leaves, encrypted to everyone except u. (Hopefully this addresses the concern Joe brought upThis ensures old members can't read new messages even if they eavesdrop.)** (We could probably do something similar for group keys.)* when When this message is fully-acked, u gains consistency for all previous messages up to m, and may leave.** other Other messages should be probably be discarded, - u won't have a chance to verify their consistency.
* TBD: need to think about simultaneous parts
When a member u accepts a non-explicit-ack message m at time t:
* if u did not send m, and they have not acked m by t+ACK_GRACE_INTERVAL, they should send an explicit-ack
Both of these should be defined to cover common cases (e.g. 95th-percentile) rather than being mean values.
The above checks should be applied for every single message. This guarantees that a warning shows up if we don't reach consistency within the timeout defined above, ensuring timelinessand works even if people don't manually send messages.
We are still vulnerable to a "drop everything" attack, but that can't be helped unless we have unconditionally-periodic heartbeats. Not sure if we want to put these in the upcoming spec.