Chris Nennemann
853ca4fec0
Rename the entire workspace:
- Crate packages: quicnprotochat-{core,proto,server,client,gui,p2p,mobile} -> quicproquo-*
- Binary names: quicnprotochat -> qpq, quicnprotochat-server -> qpq-server,
quicnprotochat-gui -> qpq-gui
- Default files: *-state.bin -> qpq-state.bin, *-server.toml -> qpq-server.toml,
*.db -> qpq.db
- Environment variable prefix: QUICNPROTOCHAT_* -> QPQ_*
- App identifier: chat.quicnproto.gui -> chat.quicproquo.gui
- Proto package: quicnprotochat.bench -> quicproquo.bench
- All documentation, Docker, CI, and script references updated
HKDF domain-separation strings and P2P ALPN remain unchanged for
backward compatibility with existing encrypted state and wire protocol.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
4.9 KiB
Protocol Layers Overview
quicproquo composes four distinct protocol layers into a single security stack. Each layer addresses a specific class of threat and delegates everything else to the layers above or below it. No single layer is sufficient on its own; the composition is what delivers end-to-end confidentiality, server authentication, forward secrecy, post-compromise security, and post-quantum resistance.
This page provides a high-level comparison and a suggested reading order. The deep-dive pages that follow contain implementation details drawn directly from the source code.
Layer comparison
| Layer | Standard / Spec | Crate(s) | Security Properties |
|---|---|---|---|
| QUIC + TLS 1.3 | RFC 9000, RFC 9001 | quinn 0.11, rustls 0.23 |
Transport confidentiality, server authentication, 0-RTT resumption |
| Cap'n Proto | capnproto.org specification | capnp 0.19, capnp-rpc 0.19 |
Zero-copy deserialisation, schema-enforced types, canonical serialisation for signing, async RPC |
| MLS | RFC 9420 | openmls 0.5 |
Group key agreement, forward secrecy, post-compromise security (PCS) |
| Hybrid KEM | draft-ietf-tls-hybrid-design | ml-kem 0.2, x25519-dalek 2 |
Post-quantum resistance via ML-KEM-768 combined with X25519 |
How the layers compose
Data flows through the stack from top to bottom on send and from bottom to top on receive:
Application plaintext
|
v
+-----------+
| MLS | RFC 9420 group encryption (PrivateMessage)
+-----------+
|
v
+-----------+
| Cap'n Proto| Schema-typed serialisation into Envelope frames
+-----------+
|
v
+-----------+
| QUIC+TLS | QUIC transport encryption (TLS 1.3)
+-----------+
|
v
Network
The Hybrid KEM layer operates orthogonally: it wraps MLS payloads in an outer post-quantum encryption envelope before they enter the transport layer. It is implemented and tested but not yet integrated into the MLS ciphersuite (planned for the M5 milestone).
Suggested reading order
The pages in this section are ordered to build understanding incrementally:
-
QUIC + TLS 1.3 -- Start here. This is the transport layer that every client-server connection uses. Understanding QUIC stream multiplexing and the TLS 1.3 handshake is prerequisite to understanding how Cap'n Proto RPC rides on top.
-
MLS (RFC 9420) -- The core cryptographic innovation. MLS provides the group key agreement that makes quicproquo an E2E encrypted group messenger rather than just a transport-encrypted relay. This is the longest and most detailed page.
-
Cap'n Proto Serialisation and RPC -- The serialisation and RPC layer that bridges MLS application data with the transport. Understanding the Envelope schema, the ParsedEnvelope owned type, and the NodeService RPC interface is essential for reading the server and client source code.
-
Hybrid KEM: X25519 + ML-KEM-768 -- The post-quantum encryption layer. Read this last because it builds on concepts from all other layers: key encapsulation (from MLS), wire format conventions (from Cap'n Proto), and AEAD encryption.
Cross-cutting concerns
Several topics span multiple layers and have their own dedicated pages elsewhere in this book:
- Forward secrecy: Provided by MLS epoch ratcheting. See Forward Secrecy.
- Post-compromise security: Provided by MLS Update proposals. See Post-Compromise Security.
- Post-quantum readiness: Currently provided by the standalone Hybrid KEM module; integration into MLS is planned for M5. See Post-Quantum Readiness.
- Key lifecycle and zeroization: Private key material is zeroized after use across all layers. See Key Lifecycle and Zeroization.
- Wire format details: The Cap'n Proto schema definitions are documented in the Wire Format Reference section.
- Design rationale: The ADR pages explain why each layer was chosen. See Design Decisions Overview.
Crate mapping
Each protocol layer maps to one or more workspace crates:
| Layer | Primary Crate | Source File(s) |
|---|---|---|
| QUIC + TLS 1.3 | quicproquo-server, quicproquo-client |
main.rs (server and client entry points) |
| Cap'n Proto | quicproquo-proto |
src/lib.rs, build.rs, schemas/*.capnp |
| MLS | quicproquo-core |
src/group.rs, src/keystore.rs |
| Hybrid KEM | quicproquo-core |
src/hybrid_kem.rs |
For a full crate responsibility breakdown, see Crate Responsibilities.