Internet DRAFT - draft-ralston-mimi-matrix-framework
draft-ralston-mimi-matrix-framework
More Instant Messaging Interoperability T. Ralston
Internet-Draft The Matrix.org Foundation C.I.C.
Intended status: Standards Track 13 March 2023
Expires: 14 September 2023
Matrix as a Messaging Framework
draft-ralston-mimi-matrix-framework-01
Abstract
This document describes how Matrix, an existing openly specified
decentralized protocol for secure interoperable communications, works
to create a framework for messaging.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://turt2live.github.io/ietf-mimi-matrix-framework/draft-ralston-
mimi-matrix-framework.html. Status information for this document may
be found at https://datatracker.ietf.org/doc/draft-ralston-mimi-
matrix-framework/.
Discussion of this document takes place on the More Instant Messaging
Interoperability Working Group mailing list (mailto:mimi@ietf.org),
which is archived at https://mailarchive.ietf.org/arch/browse/mimi/.
Subscribe at https://www.ietf.org/mailman/listinfo/mimi/.
Source for this draft and an issue tracker can be found at
https://github.com/turt2live/ietf-mimi-matrix-framework.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Ralston Expires 14 September 2023 [Page 1]
�
Internet-Draft Matrix as a Messaging Framework March 2023
This Internet-Draft will expire on 14 September 2023.
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Overall model . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Eventual Consistency . . . . . . . . . . . . . . . . . . 5
3. Rooms and Events . . . . . . . . . . . . . . . . . . . . . . 5
3.1. State Events . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Room Versions . . . . . . . . . . . . . . . . . . . . . . 6
3.3. Mapping Features to Events . . . . . . . . . . . . . . . 7
4. Users and Devices . . . . . . . . . . . . . . . . . . . . . . 9
5. Room Version I.1 . . . . . . . . . . . . . . . . . . . . . . 9
6. Federation API . . . . . . . . . . . . . . . . . . . . . . . 9
7. Identity . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8. End-to-end Encryption . . . . . . . . . . . . . . . . . . . . 11
9. Security Considerations . . . . . . . . . . . . . . . . . . . 11
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
11.1. Normative References . . . . . . . . . . . . . . . . . . 11
11.2. Informative References . . . . . . . . . . . . . . . . . 13
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14
1. Introduction
Matrix is an existing open standard suitable for Instant Messaging
(IM), Voice over IP (VoIP) signaling, Internet of Things (IoT)
communication, and bridging other existing communication platforms
together. In this document we focus largely on the IM use case,
however the concepts can be applied to other forms of communication
as well.
Ralston Expires 14 September 2023 [Page 2]
�
Internet-Draft Matrix as a Messaging Framework March 2023
The existing Matrix specification [MxSpec] is quite large, yet
modular. Here, we can focus on the reusable portions that cover
messaging, and leave the rest out of scope, leading to more effective
implementations.
This document assumes some prior knowledge of federated or
decentralized systems, such as the principles of email. This
document additionally references concepts from
[I-D.rosenberg-mimi-taxonomy] to build common understanding.
2. Overall model
At a high level, Matrix consists of 4 primary concepts:
* Homeservers (also called "servers" for simplicity) contain user
accounts and handle the algorithms needed to support Rooms.
* Users produce Events which are sent into Rooms through their
Homeserver.
* Rooms are a defined set of algorithms which govern how all servers
in that room behave and treat Events. They are similar to
channels, group chats, etc from other protocols.
* Events are pieces of information that make up a room. They can be
"state events" which track details such as membership, room name,
and encryption algorithm or "timeline events" which are most
commonly messages between users.
Homeservers replicate events created by their users to all other
participating homeservers in the room (any server with at least 1
joined user). Similarly, events are retrieved on-demand from those
same participating homeservers. The details regarding how this is
done specifically, and how a server becomes joined to a room, are
discussed later in this document.
A 2 homeserver federation might look as follows:
Ralston Expires 14 September 2023 [Page 3]
�
Internet-Draft Matrix as a Messaging Framework March 2023
+--------------------------+
| @alice:hs1.example.org |
+--------------------------+
| @bob:hs1.example.org |
+--------------------------+
| @carol:hs1.example.org |
+-------------+------------+
|
+---------+--------+
| |
| Homeserver 1 |
| hs1.example.org |
| |
+-------+--^-------+
| |
| |
| |
+-------v--+-------+
| |
| Homeserver 2 |
| hs2.example.org |
| |
+---------+--------+
|
+-------------+------------+
| @dan:hs2.example.org |
+--------------------------+
| @erin:hs2.example.org |
+--------------------------+
Figure 1: Simple Network Architecture of Matrix
In this Figure, Alice, Bob, and Carol are on "hs1", with Dan and Erin
being on "hs2". Despite both having the root domain "example.org",
they are considered two completely different homeservers. Typically,
a homeserver would use a domain which was closer to the root (ie:
just "example.org"), however for illustrative purposes and having two
homeservers to work with, they have been "improperly" named here.
If Alice creates a room and invites Bob, Alice and Bob can
communicate without hs2. If Bob invites Dan or Erin, hs2 joins the
room when either accepts the invite. During the join process hs1
replicates the current state of the room (membership, room name, etc)
to hs2. After this initial replication, both homeservers replicate
new events from their side to the other. This replication includes
validation of the events on the receiving side.
Ralston Expires 14 September 2023 [Page 4]
�
Internet-Draft Matrix as a Messaging Framework March 2023
2.1. Eventual Consistency
In federated environments it is extremely likely that a remote server
will be offline or unreachable for a variety of reasons, and a
protocol generally needs to handle this network fault without causing
undue inconvenience to others involved. In Matrix, homeservers can
go completely offline without affecting other homeservers (and
therefore users) in the room - only users on that offline homeserver
would be affected.
During a network fault, homeservers can continue to send events to
the room without the involvement of the remaining homeservers. This
applies to both sides of the fault: the "offline" server might have
had an issue where it could not send or receive from the federation
side, but users are still able to send events internally - the server
can continue to queue these events until full connectivity is
restored. When network is restored between affected parties, they
simply send any traffic the remote side missed and the room's history
is merged together. This is eventual consistency: over time, all
homeservers involved will reach a consistent state, even through
network issues.
3. Rooms and Events
Rooms are a conceptual place where users can send and receive events.
Events are sent into the room, and all participants with sufficient
access will receive the event. Rooms have a unique identifier of
!opaque_localpart:example.org, with the server name in the ID
providing no meaning beyond a measure to ensure global uniqueness of
the room. It is not possible to create rooms with another server's
name in the ID.
Rooms are not "created on" any particular server because the room is
replicated to all participating homeservers equally. Though, at time
of creation, the room might only exist on a single server until other
participants are invited and joined (as is typical with creating a
new room).
Rooms are not limited in number of participants, and a "direct
message" (DM, 1:1) room is simply a room with two users in it. Rooms
can additionally have a "type" to clearly communicate their intended
purpose, however this type does not fundamentally change that events
are sent into the room for receipt by other users. The type
typically only changes client-side rendering/handling of the room.
Events are how data is exchanged over Matrix. Each client action
(eg: "send a message") correlates with exactly one event. Each event
has a type to differentiate different kinds of data, and each type
Ralston Expires 14 September 2023 [Page 5]
�
Internet-Draft Matrix as a Messaging Framework March 2023
SHOULD serve exactly one purpose. For example, an event for an image
might contain a "caption" (alt text), but should not contain a text
message to go along with the image - instead, the client would send
two events and use a structured relationship to represent the text
referencing the image.
Through the use of namespaces, events can represent any piece of
information. Clients looking to send text messages would use
m.message, for example, while an IoT device might send
org.example.temperature into the room. The namespace for event types
is the same as the Java package naming conventions (reverse domain
with purpose).
3.1. State Events
Within a room, some events are used to store key/value information:
these are known as state events. Alongside all the normal fields for
an event, they also contain a "state key" which is used to store
similar information of the same type in the room.
Such an example of a state event is membership: each member, once
involved in the room in some way, has a dedicated m.room.member state
event to describe their membership state (join, leave, ban, etc) and
a state key of their user ID. This allows their membership to change
and for other clients (or servers) to easily look up current
membership information using the event type and predictable state
key.
Other examples of state events are the room name, topic, permissions,
history visibility, join constraints, and creation information itself
(all with empty/blank state keys, as there's only one useful version
of each). Custom state events are additionally possible, just like
with custom events.
3.2. Room Versions
Rooms have strict rules for what is allowed to be contained within
them, and have various algorithms which handle different aspects of
the protocol, such as conflict resolution and acceptance of events.
To allow rooms to be improved upon through new algorithms or rules,
"room versions" are employed to manage a set of expectations for each
room. New room versions would be created and assigned as needed.
Ralston Expires 14 September 2023 [Page 6]
�
Internet-Draft Matrix as a Messaging Framework March 2023
Room versions do not have implicit ordering or hierarchy to them, and
once in place their principles are immutable (preventing all existing
rooms from breaking). This allows for breaking changes to be
implemented without actually breaking existing rooms: rooms would
"upgrade" to the new room version, putting their old copy behind
them.
Upgrading a room is done by creating a new room with the new version
specified, and adding some referential information in both rooms.
This is to allow clients and servers to treat the set of rooms as a
single logical room, with history being available for clients which
might wish to combine the timelines of the rooms to hide the
mechanics of the room upgrade itself.
Rooms can be upgraded any number of times, and because there's no
implicit ordering for room versions it's possible to "upgrade" from,
for example, version 2 to 1, or even 2 to 2.
Later in this document is a description of a room version suitable
for MIMI.
3.3. Mapping Features to Events
To achieve proper interoperability it is important to consider which
features the other clients (and sometimes servers) in the domain
support, and how to represent them using a common format
[I-D.ralston-mimi-messaging-requirements]. Matrix represents
everything either as Events, per earlier in this section, or as
Ephemeral Data Units (EDUs) [MxEDU] when the data doesn't need to be
persisted to the room.
This structure of having everything being a genericised event or EDU
allows Matrix to represent nearly every messaging feature as a
content format problem. Servers additionally do not generally need
to do much processing of events in order for the clients to operate,
and can even be purely store & forward-like nodes for clients. The
interface between client and server (also called the Client-Server
API) is out of scope for this document. The Matrix Client-Server API
[MxClientServerApi] may be a good reference for building a Matrix-
native client or server implementation.
In Matrix, the following is how some common features would be
represented:
Ralston Expires 14 September 2023 [Page 7]
�
Internet-Draft Matrix as a Messaging Framework March 2023
+=====================+======================================+
| Feature | Representation |
+=====================+======================================+
| Direct/Private | A room with 2 users in it |
| Messages, 1:1 chats | |
+---------------------+--------------------------------------+
| Message history | Natural consequence of Matrix's room |
| | algorithms. Stored on the server. |
+---------------------+--------------------------------------+
| Text messages | Timeline events |
+---------------------+--------------------------------------+
| Multimedia (images, | Timeline events |
| video, etc) | |
+---------------------+--------------------------------------+
| Message edits | Timeline events |
+---------------------+--------------------------------------+
| Redaction/Removal | Timeline events |
+---------------------+--------------------------------------+
| Reactions | Timeline events |
+---------------------+--------------------------------------+
| Replies & rich | Timeline events |
| markup | |
+---------------------+--------------------------------------+
| VoIP | Timeline events & WebRTC |
+---------------------+--------------------------------------+
| Threads | Timeline events |
+---------------------+--------------------------------------+
| Encryption | Timeline events containing an |
| | encrypted plaintext event payload |
+---------------------+--------------------------------------+
| Typing | EDUs |
| notifications | |
+---------------------+--------------------------------------+
| Read receipts | EDUs |
+---------------------+--------------------------------------+
| Presence/online | EDUs |
| status | |
+---------------------+--------------------------------------+
| Invites/membership | State events |
+---------------------+--------------------------------------+
| Room name, topic, | State events |
| etc | |
+---------------------+--------------------------------------+
Table 1: Examples of IM features mapped to Matrix
Ralston Expires 14 September 2023 [Page 8]
�
Internet-Draft Matrix as a Messaging Framework March 2023
Note: some features have not been included for brevity. The features
in the table above should represent enough of a baseline to determine
whether another feature would be a timeline event, state event, EDU,
or something else.
In Matrix's content format, updated and defined by MSC1767 [MSC1767],
fallbacks to rich text are common to ensure clients can particpate as
best as realistically possible when encountering features they don't
support. For example, a client which doesn't support polls might
represent that poll simply as a text message and users can react to
it (or simply reply with more text) to "vote".
4. Users and Devices
Each user, identified by @localpart:example.org, can have any number
of "devices" associated with them. Typically linked to a logged-in
session, a device has an opaque ID to identify it and usually holds
applicable encryption keys for end-to-end encryption.
Multiple algorithms for encryption are supported, though the Matrix
specification currently uses its own Olm and Megolm algorithms for
encryption. For increased interoperability, Matrix would adopt MLS
[I-D.ietf-mls-protocol] instead, likely with minor changes to support
decentralized environments [DMLS].
5. Room Version I.1
The room version grammar [MxRoomVersionGrammar] reserves versions
consisting solely of 0-9 and . for the Matrix protocol itself. For
purposes of MIMI, a reservation of versions starting with I. and
consisting otherwise of 0-9 and . is introduced.
The first version under this reservation would be I.1, described as
follows.
I.1 is based upon Matrix's Room Version 10 [MxRoomVersion10], and
MSC1767 [MSC1767] is incorporated to provide better content format
primitives. Note that while the Matrix specification references
clients and HTTP/JSON APIs, neither of these details are strictly
relevant for this document.
6. Federation API
In order to replicate a room across other homeservers, an API must
exist to federate accordingly. This document defines a transport-
agnostic API for federation in Matrix.
Ralston Expires 14 September 2023 [Page 9]
�
Internet-Draft Matrix as a Messaging Framework March 2023
Matrix aims for a "Multilateral" federation described by
[I-D.rosenberg-mimi-taxonomy], where servers can implement their own
non-standard checks on requests to ensure their server is operating
safely. For example, while this document describes an "invite API",
a server might choose to block invites from a particular server or
user for any reason it feels is reasonable (preventing the receiving
server from participating in the room).
The major APIs needed for federation are as follows. Note that where
Matrix specification already exists, transport details in that
specification are out of scope of this document.
* A way to invite users to a room (when their server isn't already
participating in the room). This is specified by Matrix already
[MxInviteApi].
* A way to join a room the server doesn't yet already participate
in. This is specified by Matrix already [MxJoinApi].
* A way to knock or request an invite to a room (when the server
isn't already participating in the room). This is specified by
Matrix already [MxKnockApi].
* A way to reject invites when the server isn't already
participating in the room. This is specified by Matrix already
[MxLeaveApi].
* A way to retrieve individual and missing events from other
participating servers, subject to history visbility and
authorization. This is specified by Matrix already [MxEventsApi]
[MxBackfillApi].
* A way to send events to another server. Matrix currently
describes this as a transport-level detail in the form of
transactions [MxTransactionApi].
Note that the membership APIs above only apply when the server isn't
already participating in the room. If the server is already
participating, the server can simply generate an appropriate
membership event for the user and send it to the other participating
servers directly - it does not need to handshake a valid event with a
resident server.
Matrix defines many more federation APIs such as to-device messaging,
ephemeral event handling (typing notifications, presence, etc), and
encryption-specific APIs, however these are out of scope of this
document.
Ralston Expires 14 September 2023 [Page 10]
�
Internet-Draft Matrix as a Messaging Framework March 2023
7. Identity
Matrix relies on identifiers being user IDs (@user:example.org),
however in the wider scope of MIMI it is expected that a user might
be trying to message a phone number instead of knowing the user ID.
This document does not define how an identifier like a phone number
is resolved to a user ID, but expects that a process exists to do so.
Such a service might resolve +1 555 123 4567 to
@15551234567:example.org, for example.
8. End-to-end Encryption
Encryption of events generally happens at the Content Format level,
with key exchange happening over a transport-level concern. Matrix
currently uses a dedicated set of APIs for key exchange, though with
the adoption of MLS by MIMI there are expected changes [MxDevicesApi]
[MxEncryptionApi] [MxToDeviceApi].
9. Security Considerations
Not formally specified in this version of the document, Matrix has
several threat model considerations to ensure feature development
does not make these threats easier to achieve. They are currently
specified in v1.6 of the Matrix specification under Section 6 of the
Appendices. [MxSecurityThreatModel]
10. IANA Considerations
This document has no IANA actions.
11. References
11.1. Normative References
[I-D.ralston-mimi-messaging-requirements]
Ralston, T., "Requirements of Interoperable Messaging",
Work in Progress, Internet-Draft, draft-ralston-mimi-
messaging-requirements-00, 13 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ralston-mimi-
messaging-requirements-00>.
[I-D.rosenberg-mimi-taxonomy]
Rosenberg, J., "A Taxonomy for More Messaging Interop
(MIMI)", Work in Progress, Internet-Draft, draft-
rosenberg-mimi-taxonomy-00, 24 October 2022,
<https://datatracker.ietf.org/doc/html/draft-rosenberg-
mimi-taxonomy-00>.
Ralston Expires 14 September 2023 [Page 11]
�
Internet-Draft Matrix as a Messaging Framework March 2023
[MSC1767] Hodgson, M. and T. Ralston, "Extensible event types &
fallback in Matrix (v2)", 2023, <https://github.com/
matrix-org/matrix-spec-
proposals/blob/01654eb2dec7769daf1d8d7a25c04cb70a1ac9f4/
proposals/1767-extensible-events.md>.
[MxBackfillApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Backfill", 2023,
<https://spec.matrix.org/v1.6/server-server-
api/#backfilling-and-retrieving-missing-events>.
[MxEventsApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Event Retrieval", 2023,
<https://spec.matrix.org/v1.6/server-server-
api/#retrieving-events>.
[MxInviteApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Invites", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#inviting-
to-a-room>.
[MxJoinApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Joins", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#joining-
rooms>.
[MxKnockApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Knocks", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#a-
nameknocking-rooms-knocking-upon-a-room>.
[MxLeaveApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Leaves and Rejected Invites",
2023, <https://spec.matrix.org/v1.6/server-server-
api/#leaving-rooms-rejecting-invites>.
[MxRoomVersion10]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Room Version 10", 2023,
<https://spec.matrix.org/v1.6/rooms/v10/>.
Ralston Expires 14 September 2023 [Page 12]
�
Internet-Draft Matrix as a Messaging Framework March 2023
[MxRoomVersionGrammar]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Room Versions | Room Version Grammar", 2023,
<https://spec.matrix.org/v1.6/rooms/#room-version-
grammar>.
11.2. Informative References
[DMLS] Chathi, H., "Decentralised MLS", Web
https://gitlab.matrix.org/matrix-org/mls-ts/-
/blob/dd57bc25f6145ddedfb6d193f6baebf5133db7ed/
decentralised.org, 2021, <https://gitlab.matrix.org/
matrix-org/mls-ts/-
/blob/dd57bc25f6145ddedfb6d193f6baebf5133db7ed/
decentralised.org>.
[I-D.ietf-mls-protocol]
Barnes, R., Beurdouche, B., Robert, R., Millican, J.,
Omara, E., and K. Cohn-Gordon, "The Messaging Layer
Security (MLS) Protocol", Work in Progress, Internet-
Draft, draft-ietf-mls-protocol-18, 13 March 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-mls-
protocol-18>.
[MxClientServerApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Client-Server API", 2023,
<https://spec.matrix.org/v1.6/client-server-api>.
[MxDevicesApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Device Management", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#device-
management>.
[MxEDU] The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | EDUs", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#edus>.
[MxEncryptionApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | End-to-End Encryption", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#end-to-
end-encryption>.
Ralston Expires 14 September 2023 [Page 13]
�
Internet-Draft Matrix as a Messaging Framework March 2023
[MxSecurityThreatModel]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Appendices | Security Threat Model", 2023,
<https://spec.matrix.org/v1.6/appendices/#security-threat-
model>.
[MxSpec] The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6", 2023, <https://spec.matrix.org/v1.6/>.
[MxToDeviceApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Send-to-device Messaging", 2023,
<https://spec.matrix.org/v1.6/server-server-api/#send-to-
device-messaging>.
[MxTransactionApi]
The Matrix.org Foundation C.I.C., "Matrix Specification |
v1.6 | Federation API | Transactions", 2023,
<https://spec.matrix.org/v1.6/server-server-
api/#transactions>.
Author's Address
Travis Ralston
The Matrix.org Foundation C.I.C.
Email: travisr@matrix.org
Ralston Expires 14 September 2023 [Page 14]
