P3. Session establishment
Normative protocol documentation for the current implementation. Not independently audited.
P3.1 Preconditions
- Both peers registered on signaling broker.
- WebRTC data channel state is
open. enableEncryptionis true (production default).
P3.2 Handshake order (normative)
When EnkryptedChat-Profile-v0 cascade is enabled, peers SHOULD exchange PDUs in this order (either peer may send first where symmetric):
| Step | PDU type | Purpose |
|---|---|---|
| 1 | mls-key-package-request | Request remote MLS key package |
| 2 | mls-key-package | Deliver MLS key package |
| 3 | mls-encryption-sync-request | Synchronize encryption state |
| 4 | mls-encryption-sync-response | Respond to sync |
| 5 | signal-key-exchange-request | Start P2P Signal material exchange |
| 6 | signal-key-exchange-response | Respond to Signal exchange |
| 7 | signal-session-complete | Signal session ready |
| 8 | mlkem-key-exchange | ML-KEM public key material |
| 9 | mlkem-key-exchange-response | ML-KEM response |
| 10 | mls-commit / mls-welcome | MLS group commits (as needed) |
| 11 | mls-welcome-ack | Ack welcome (when applicable) |
Exact ordering may include additional mls-commit rounds for groups. Implementations MUST tolerate interleaved handshake PDUs until encryptionReady is true.
P3.3 Completion criterion
Session crypto is ready when:
encryptionReadyRefis true inMLSProvider, and- Remote peer ID is in
encryptedConnectionsset.
Only then MUST encrypted message PDUs be sent (see P6).
P3.4 Sequence diagram (1:1)
P3.5 P2P Signal deltas
Without a central pre-key server, X3DH material is exchanged in live PDUs over the data channel. Normative deltas: Appendix B. Tutorial: P2P Signal Protocol.
P3.5.1 Trust on first use
Peers MUST treat broker Peer IDs as routing handles only. Cryptographic trust comes from in-band Signal/MLS handshakes (TOFU). Deployments SHOULD offer safety-number or QR verification for high-risk users (product UX; not required for encryptionReady).
P3.6 Reconnection
| State persisted locally | On reconnect |
|---|---|
| Signal ratchet state | MAY resume if both peers retain state and peer IDs unchanged |
| MLS epoch / group state | MAY resume for same groupId |
| WebRTC session | MUST re-establish ICE/signaling |
If crypto state is lost, peers MUST repeat handshake from step 1.
P3.7 Reconnection sequence
P3.8 Key rotation sequence
P3.9 Out-of-order chunks
P3.10 Group sessions
Group chat uses additional PDUs (group-member-joined, mls-welcome, etc.). Status: experimental — normative PDU shapes in P4; security claims in ch. 11.