You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Private Groups (and removal of peers) seems like it will require a change to ssb-ebt, for a feature that currently doesn't exist.
Private Group removal has a specific requirement that the removed peer's feed should still be preserved (also for new members, which means that the removed peer's feed has to be actively replicated), BUT simultaneously all new messages published by the removed peer have to be ignored.
One option is to continue replicating the removed peer's feed, but hide them in the UI. This might likely be a good enough strategy for a first deployment of this feature. But soon enough, we will have to stop replicating new messages for that feed, because it's a security risk. If the removed peer was pathologically dangerous, we don't want to give that peer the opportunity to explicitly spam the group and cause an overflooding of msgs in every peer's log.
Problem
ssb-ebt currently seems to allow replicating (reminder: this means both serving that feed and requesting that feed) a feed, but no other customizations are allowed. Since we need new group members to get the removed peer's old messages, we have to serve that feed via ssb-ebt, but serving also means requesting updates to it.
Proposals
A
One idea is to allow specifying a sequence number to truncate the feed.
B
Another idea is to split the replication input so that you can serve a feed as a separate operation from requesting that feed. For most cases, you would default to doing both serve & request, but for the use case of removed group members, we could just serve the feed without requesting it.
However, that has a problem: a new group member needs to request the feed of the removed group member, and this may cause them to accidentally get the newer post-removal msgs (suppose e.g. that the new group member is a friend of the removed group member, and they are connecting directly via LAN).
Maybe we can do both options A and B?
The text was updated successfully, but these errors were encountered:
If we go with the multiple feeds solution, then I think we should be able to use the rx/tx flags in EBT to signal that we can replicate the messages we already have for the removed peer, but we will not receive later messages from that peer. A new peer that might want these old messages could set their mode to receive and later when in sync with these messages would change their state. This is somewhat related to #80. Will respond there as well.
Context
Private Groups (and removal of peers) seems like it will require a change to ssb-ebt, for a feature that currently doesn't exist.
Private Group removal has a specific requirement that the removed peer's feed should still be preserved (also for new members, which means that the removed peer's feed has to be actively replicated), BUT simultaneously all new messages published by the removed peer have to be ignored.
One option is to continue replicating the removed peer's feed, but hide them in the UI. This might likely be a good enough strategy for a first deployment of this feature. But soon enough, we will have to stop replicating new messages for that feed, because it's a security risk. If the removed peer was pathologically dangerous, we don't want to give that peer the opportunity to explicitly spam the group and cause an overflooding of msgs in every peer's log.
Problem
ssb-ebt currently seems to allow replicating (reminder: this means both serving that feed and requesting that feed) a feed, but no other customizations are allowed. Since we need new group members to get the removed peer's old messages, we have to serve that feed via ssb-ebt, but serving also means requesting updates to it.
Proposals
A
One idea is to allow specifying a sequence number to truncate the feed.
B
Another idea is to split the replication input so that you can serve a feed as a separate operation from requesting that feed. For most cases, you would default to doing both serve & request, but for the use case of removed group members, we could just serve the feed without requesting it.
However, that has a problem: a new group member needs to request the feed of the removed group member, and this may cause them to accidentally get the newer post-removal msgs (suppose e.g. that the new group member is a friend of the removed group member, and they are connecting directly via LAN).
Maybe we can do both options A and B?
The text was updated successfully, but these errors were encountered: