From db1825b6d7c84ea080721cb896bd74298eefb2bf Mon Sep 17 00:00:00 2001 From: Jeff Gardner <202880+erskingardner@users.noreply.github.com> Date: Tue, 27 Aug 2024 18:01:24 +0200 Subject: [PATCH] Add note about identity of Credential not changing --- 104.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/104.md b/104.md index 70d1388..1a2d7a0 100644 --- a/104.md +++ b/104.md @@ -86,9 +86,9 @@ Changes to an MLS group are affected by first creating one or more `Proposal` ev ## MLS Credentials -A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key. +A `Credential` in MLS is an assertion of who the user is coupled with a signing key. When constructing `Credentials` for MLS, clients MUST use the `BasicCredential` type and set the `identity` value as the 32-byte hex-encoded public key of the user's Nostr identity key. Clients MUST not allow users to change the identity field and MUST validate that all `Proposal` messages do not attempt to change the identity field on any credential in the group. -A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key will be rotated over time to provide improved post-compromise security. +A `Credential` also has an associated signing key. The initial signing key for a user is included in the KeyPackage event. The signing key MUST be different from the user's Nostr identity key. This signing key SHOULD be rotated over time to provide improved post-compromise security. ## KeyPackage Event and Signing Keys @@ -98,6 +98,8 @@ KeyPackages SHOULD be used only once. Reuse of KeyPackage Events can lead to rep The signing key (the public key included in the KeyPackage Event) is used for signing within the group that adds a new user via the KeyPackage Event. Therefore, clients implementing this NIP MUST ensure that they retain access to the private key material of the signing key for each group they are a member of. +In addition, the signing key MUST not be the same as the user's Nostr identity key. + ### Example KeyPackage Event ```json