Difference between revisions of "LSL Protocol/Restrained Love Open Relay Group/email/006 draft"

From Second Life Wiki
Jump to navigation Jump to search
(keys don't change anymore on teleport)
(RestrainedLove)
 
(19 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{ ORG Restrained Life Relay Specs TOC }}
{{Restrained Love Open Relay Group TOC}}


= !x-email =
= !x-email =
Line 6: Line 6:
VERSION: 006
VERSION: 006


PREREQUISITE: '''''[[LSL Protocol/Restrained Love Open Relay Group/forward|forward]]'''''
MANDATORY DEPENDENCIES: '''''[[LSL Protocol/Restrained Love Open Relay Group/key|key]]'''''
 
RECOMMENDED: '''''[[LSL Protocol/Restrained Love Open Relay Group/autoforward|autoforward]]''''', '''''[[LSL Protocol/Restrained Love Open Relay Group/sensor|sensor]]'''''


''005 implemented in Satomi's Multi-Relay HUD 0.93, and Satomi's Witchy Remote 1.1beta2''
''005 implemented in Satomi's Multi-Relay HUD 0.93, and Satomi's Witchy Remote 1.1beta2''


''005 Implemented in Dahlia's multirelay >=0.39 and anythingRLV >=2.97''
''005 Implemented in Dahlia's multirelay >=0.39 and anythingRLV >=2.97''
Initiate an email-encapsulated RLVR session.
On reception of !x-email, the relay should make itself ready for the protocol initiation, which means starting checking emails periodically. The command should be ignored (or ko'd) by older relays.
Other commands used in this protocol: !x-session, !x-session-confirm, '''''[[LSL Protocol/Restrained Life Open Relay Group/x-channel|!x-channel]]'''''. Full support for '''''[[LSL Protocol/Restrained Life Open Relay Group/x-channel|!x-channel]]''''' is also strongly recommended for !x-email support.


==Presentation of e-mails==
==Presentation of e-mails==
The topic: ORG encapsulated RLVR protocol,<protocol version>, <session_key>
The topic: ORG encapsulated RLVR protocol,<protocol version>, <session_key>


  ex:  ORG encapsulated RLVR protocol,005,45afb982-d02c-35e1-d492-a948b92c92f3
  ex:  ORG encapsulated RLVR protocol,006,45afb982-d02c-35e1-d492-a948b92c92f3
The session key is a secret shared by both relay and controlling device, and will be created during the protocol initiation.
The session key is a secret shared by both relay and controlling device, and will be created during the protocol initiation using !x-key as defined in '''''[[LSL Protocol/Restrained Love Open Relay Group/key|key]]'''''.
 
 
The message: consists of several submessages, each on a different line.
 
A submessage is:
* either a RLVR standard message (only without the recipient key): <identifier>,<RLVR command> for a controlling object message, and <identifier>,<RLVR command>,<ack> for a relay message.
* either a RL viewer answer as described in '''''[[LSL Protocol/Restrained Love Open Relay Group/forward|forward]]''''' (for instance an answer to a @getstatus or @version):  <channel>,<viewer answer>


==Protocol scenarii==
==Example of initialization between a controller C and the relay R==


Conventions: messages are symbolized by different types of arrows. We suppose the controller (C) is on the left and the relay (R) on the right. An arrow with a c (-c>) is a chat message on RLVR channel (or whatever channel the controller and the relay negotiated before). An arrow with a e (-e>), is a submessage (like defined before) in an email with the requirements stated before.
In the following exchange, the controller C and the relay R negotiates a secret UUID key which will be the key of the session. The exchange is done using llRegionSayTo() to keep the key secret (k(R) is the UUID key of the wearer of the relay and k(C) the UUID key of the controller).


  C(ontroller)<->R(elay)
  1 C--RLVR--> R    secret_key,k(R),!x-key/a586c562-bf27-b7db-e36e-822d0a9ba02a
2 C<-RLVR--- R   secret_key,k(C),!x-key/a586c562-bf27-b7db-e36e-822d0a9ba02a,ok


-c> is a message by chat channel: authentified, but may not be private
Then C can start an email session using !x-email as follows:  
-R> is a llRegionSayTo message by chat channel: authentified and private
-e> is a message by email: private but not authentified


===Email session initiation protocol (with session transfer):===
1 C--RLVR--> R    blah,k(R),!x-email
2 C<-RLVR--- R    blah,k(C),!x-email,ok


This protocol establishes an authentified email session and transfers whatever restrictions C already had on R.
Without secret key, the answer for !x-email must be a "ko". There are no exceptions. Then the session can continue by email using the subject "ORG encapsulated RLVR protocol,006,a586c562-bf27-b7db-e36e-822d0a9ba02a".
 
1 -c>    blah,k(R),!x-email
2 <R-    blah,k(C),!x-email,k(S)
 
Comments:
* After 2, the relay is ready to initiate the session (it is listening to emails), and the controller (also listening) knows it.
* Before 2, the relay randomly generates a session key, k(S), that goes into the future e-mail topics.
* In 2, R sends k(S) toC. C knows it actually comes from R, and since it was a llRegionSayTo message, R also knows that only R and C share this secret.
 
After this initial exchange, assuming no email can be eavesdropped, both partners remain assured of the identity of their counterpart, because nobody else knows k(S) and can include it in every topic. Since R knows C remains the same object during all the initiation, it means that pre-existing restrictions can be carried over as belonging to k(C) (which can safely be replaced by k(S) internally, depending on the relay implementation).
 
 
===Remote initiation protocol:===


  1 -e>    bleh,<anything>
  1 -e>    bleh,<anything>
Line 62: Line 38:
  ...
  ...


In other words: if the relay is already polling email, and C knows k(R) (and thus its email address) no specific step is required. In this case, it is up to C to create a session key.
'''Remark'''


If the relay is not polling email, it can be started thanks to another controller X in the same sim as R, by the following exchange:
* The autoforward and sensor x-tensions are not required: a controller does not necessarily need to send @getxxx or @notify commands, or to scan for objects or avatars. The autoforward and the sensor x-tensions may be used also for a simwide control (i.e. a chat session with the controller and the relay distant of more than 100m).


1 X-c>R    blah,k(R),!x-email
==Ending the email session between a controller C and the relay R==
2 X<R-R     blah,k(X),!x-email,k(S)


Only requirement: if the relay advertises being open on email, it has to poll email. The !x-email exchange above plays this role, enabling polling, but maybe other means can be used.
To end up an email session, the command !x-takeover is used (in 005, the command !x-channel was used but this command will be less useful in the future and probably deprecated because of llRegionSayTo()).


1 C--RLVR--> R  back_to_chat,k(R),!x-takeover/a586c562-bf27-b7db-e36e-822d0a9ba02a
2 C<-RLVR--- R  back_to_chat,k(C),!x-takeover/a586c562-bf27-b7db-e36e-822d0a9ba02a,ok


===Relaying viewer chat messages:===
Note that in the above exchange, the controller C is not necessarily the first controller; the above commands can also be interpreted as a kind of handover.


Viewer replies are forwarded back to the controller by the relay, according to the lines of '''''[[LSL Protocol/Restrained Love Open Relay Group/forward|forward]]'''''.
'''Remarks'''


Example 1:
* The commands using the secret session key must use llRegionSayTo(): !x-key and !x-takeover
-e>  bloh,@getxxxx=1234
* This behaviour of !x-takeover is already in the version 002 of the x-tension key.
<e- bloh,@getxxx=1234,ok
<e- 1234,<viewer_chat_message>


Example 2:
==Testing controller's presence==
-e>  bloh,!x-fwd/getxxxx
<e-  bloh,!x-fwd/getxxx,<viewer_chat_message>


===Ending e-mail session and going to chat===
-e>    blih,!x-email/clear
<e-    blih,!x-email/clear,ok
Both relay and controller have to check that their recipient is in chat range. The controller before even trying. The relay before acknowledging. If the latter fails, then the relay should answer:
<e-    blih,!x-email/clear,ko
===Testing controller's presence===
For garbage collection purposes, be it on relog, or on regular basis, R might want to check if C is still active. The ping mechanism can be used here.
For garbage collection purposes, be it on relog, or on regular basis, R might want to check if C is still active. The ping mechanism can be used here.
  <e-    ping,ping,ping
  <e-    ping,ping,ping
  -e>    ping,!pong
  -e>    ping,!pong


C can check R's presence by sending any valid message, as acknowledgement by R is required for every RLVR message from C. If the only purpose of the message is presience verification, the following scenario is recommended:
The important thing is that the relay remembers it was an email session after relog.
 
C can check R's presence by sending any valid message, as acknowledgement by R is required for every RLVR message from C. If the only purpose of the message is presence verification, the following scenario is recommended:
  -e>    blah,!x-email
  -e>    blah,!x-email
  <e-    blah,!x-email,ok
  <e-    blah,!x-email,ok


===Handover===
==Handover==
!handover/K/n should work like in chat sessions (with the semantics that the session is transfered to the object of key K, chatting on standard RLVR channel).
!x-handover/K/n should work like in chat sessions (with the semantics that the session is transferred to the object of key K, chatting on standard RLVR channel).


Handing over to another object while remaining in e-mail mode, doesn't however require any special step. The following scenario can be used:
Handing over to another object while remaining in e-mail mode, doesn't however require any special step. The following scenario can be used:
Line 109: Line 76:
  3 - now  C' can continue e-mailing with S, using key k(S) (and can use the "C has a new key" scenario)
  3 - now  C' can continue e-mailing with S, using key k(S) (and can use the "C has a new key" scenario)


==Requirements==
Handing over to oneself can also be used to switch back to chat mode.
* On !x-email acknowledgement, the relay should start listening to e-mails and handle them like RLVR messages. The relay confirms that the RLVR session with the controller is transfered to e-mail, which means e-mails with the negotiated session key should be handled as if coming from the controller.
* Whenever the relay accepts a RLV command with calls for a viewer answer (@blah=1234), the relay must listen to the viewer answer, and forward it via email to the controller, behaving exactly as if !x-forward had been issued.
* !x-forward/clean must never be acted upon while in email mode (an appropriate answer is !x-forward/clean,ko).

Latest revision as of 00:06, 29 July 2012

!x-email

STATUS: draft

VERSION: 006

MANDATORY DEPENDENCIES: key

RECOMMENDED: autoforward, sensor

005 implemented in Satomi's Multi-Relay HUD 0.93, and Satomi's Witchy Remote 1.1beta2

005 Implemented in Dahlia's multirelay >=0.39 and anythingRLV >=2.97

Presentation of e-mails

The topic: ORG encapsulated RLVR protocol,<protocol version>, <session_key>

ex:  ORG encapsulated RLVR protocol,006,45afb982-d02c-35e1-d492-a948b92c92f3

The session key is a secret shared by both relay and controlling device, and will be created during the protocol initiation using !x-key as defined in key.

Example of initialization between a controller C and the relay R

In the following exchange, the controller C and the relay R negotiates a secret UUID key which will be the key of the session. The exchange is done using llRegionSayTo() to keep the key secret (k(R) is the UUID key of the wearer of the relay and k(C) the UUID key of the controller).

1 C--RLVR--> R    secret_key,k(R),!x-key/a586c562-bf27-b7db-e36e-822d0a9ba02a
2 C<-RLVR--- R    secret_key,k(C),!x-key/a586c562-bf27-b7db-e36e-822d0a9ba02a,ok

Then C can start an email session using !x-email as follows:

1 C--RLVR--> R    blah,k(R),!x-email
2 C<-RLVR--- R    blah,k(C),!x-email,ok

Without secret key, the answer for !x-email must be a "ko". There are no exceptions. Then the session can continue by email using the subject "ORG encapsulated RLVR protocol,006,a586c562-bf27-b7db-e36e-822d0a9ba02a".

1 -e>     bleh,<anything>
2 <e-     bleh,<anything>,<ack>
...

Remark

  • The autoforward and sensor x-tensions are not required: a controller does not necessarily need to send @getxxx or @notify commands, or to scan for objects or avatars. The autoforward and the sensor x-tensions may be used also for a simwide control (i.e. a chat session with the controller and the relay distant of more than 100m).

Ending the email session between a controller C and the relay R

To end up an email session, the command !x-takeover is used (in 005, the command !x-channel was used but this command will be less useful in the future and probably deprecated because of llRegionSayTo()).

1 C--RLVR--> R   back_to_chat,k(R),!x-takeover/a586c562-bf27-b7db-e36e-822d0a9ba02a
2 C<-RLVR--- R   back_to_chat,k(C),!x-takeover/a586c562-bf27-b7db-e36e-822d0a9ba02a,ok

Note that in the above exchange, the controller C is not necessarily the first controller; the above commands can also be interpreted as a kind of handover.

Remarks

  • The commands using the secret session key must use llRegionSayTo(): !x-key and !x-takeover
  • This behaviour of !x-takeover is already in the version 002 of the x-tension key.

Testing controller's presence

For garbage collection purposes, be it on relog, or on regular basis, R might want to check if C is still active. The ping mechanism can be used here.

<e-    ping,ping,ping
-e>    ping,!pong

The important thing is that the relay remembers it was an email session after relog.

C can check R's presence by sending any valid message, as acknowledgement by R is required for every RLVR message from C. If the only purpose of the message is presence verification, the following scenario is recommended:

-e>    blah,!x-email
<e-    blah,!x-email,ok

Handover

!x-handover/K/n should work like in chat sessions (with the semantics that the session is transferred to the object of key K, chatting on standard RLVR channel).

Handing over to another object while remaining in e-mail mode, doesn't however require any special step. The following scenario can be used:

1 - assume C has a session with R, using key k(S)
2 - C gives k(S) to another object C' via any preferred medium
3 - now  C' can continue e-mailing with S, using key k(S) (and can use the "C has a new key" scenario)

Handing over to oneself can also be used to switch back to chat mode.