Expand description
§Credentials
A Credential contains identifying information about the client that
created it. Credentials represent clients in MLS groups and are used to
authenticate their messages. Each
KeyPackage, as well as each client
(leaf node) in the group (tree), contains a Credential and is
authenticated.
The Credential must be checked by an authentication server and the
application. This process is out of scope for MLS.
Clients can create a Credential.
The MLS protocol allows the Credential representing a client in a group
to change over time. Concretely, members can issue an Update proposal or a
Full Commit to update their LeafNode,
including the Credential in it. The Update must be authenticated using
the signature public key corresponding to the old Credential.
When receiving a credential update from another member, applications must query the Authentication Service to ensure the new credential is valid.
There are multiple CredentialTypes, although OpenMLS currently only
supports the BasicCredential.
Modules§
- errors
- Credential errors
- test_
utils test-utils
Structs§
- Basic
Credential - Basic Credential.
- Certificate
- X.509 Certificate.
- Credential
- Credential.
- Credential
With Key - A wrapper around a credential with a corresponding public key.
- NewSigner
Bundle - Bundle consisting of a [
Signer] and aCredentialWithKeyto be used to update the signature key in anMlsGroup. The public key and credential incredential_with_keyMUST match the signature key exposed bysigner.
Enums§
- Credential
Type - CredentialType.