chore: rename project quicnprotochat -> quicproquo (binaries: qpq)
Rename the entire workspace:
- Crate packages: quicnprotochat-{core,proto,server,client,gui,p2p,mobile} -> quicproquo-*
- Binary names: quicnprotochat -> qpq, quicnprotochat-server -> qpq-server,
quicnprotochat-gui -> qpq-gui
- Default files: *-state.bin -> qpq-state.bin, *-server.toml -> qpq-server.toml,
*.db -> qpq.db
- Environment variable prefix: QUICNPROTOCHAT_* -> QPQ_*
- App identifier: chat.quicnproto.gui -> chat.quicproquo.gui
- Proto package: quicnprotochat.bench -> quicproquo.bench
- All documentation, Docker, CI, and script references updated
HKDF domain-separation strings and P2P ALPN remain unchanged for
backward compatibility with existing encrypted state and wire protocol.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -13,7 +13,7 @@ PCS is the complement of [forward secrecy](forward-secrecy.md):
|
||||
- **Post-compromise security** protects the **future** from a past compromise.
|
||||
|
||||
MLS (RFC 9420) is specifically designed to provide both properties simultaneously
|
||||
for group messaging. This is a key differentiator of quicnprotochat's design.
|
||||
for group messaging. This is a key differentiator of quicproquo's design.
|
||||
|
||||
## How MLS Provides PCS
|
||||
|
||||
@@ -64,7 +64,7 @@ This means:
|
||||
For a group of 1,000 members, the path length is approximately 10 nodes --
|
||||
making PCS practical even for large groups.
|
||||
|
||||
## Epoch Advancement in quicnprotochat
|
||||
## Epoch Advancement in quicproquo
|
||||
|
||||
In the current implementation, epoch advancement occurs through the `GroupMember`
|
||||
methods in `group.rs`:
|
||||
@@ -145,7 +145,7 @@ deleted), and future epochs are protected by PCS (new key material generated).
|
||||
|
||||
Signal's group messaging uses **Sender Keys**, a fundamentally different
|
||||
mechanism from MLS's ratchet tree. The comparison is instructive because it
|
||||
highlights why MLS was chosen for quicnprotochat:
|
||||
highlights why MLS was chosen for quicproquo:
|
||||
|
||||
### Signal Sender Keys
|
||||
|
||||
@@ -168,7 +168,7 @@ security. If an attacker compromises a member's Sender Key:
|
||||
membership changes.
|
||||
- There is no automatic healing mechanism analogous to MLS's ratchet tree.
|
||||
|
||||
### MLS Ratchet Tree (quicnprotochat)
|
||||
### MLS Ratchet Tree (quicproquo)
|
||||
|
||||
In contrast, MLS's ratchet tree provides PCS because:
|
||||
|
||||
@@ -218,7 +218,7 @@ periodic Updates (planned) will bound the healing window.
|
||||
|
||||
### Server compromise does not prevent PCS
|
||||
|
||||
The quicnprotochat server is MLS-unaware -- it stores and forwards encrypted
|
||||
The quicproquo server is MLS-unaware -- it stores and forwards encrypted
|
||||
MLS messages without access to the group state. A compromised server cannot:
|
||||
|
||||
- Prevent PCS by blocking Commits (it could perform denial-of-service, but
|
||||
|
||||
Reference in New Issue
Block a user