P7. State machines
Work in progress — not audited
Normative protocol documentation for the current implementation. Not independently audited.
P7.1 Connection FSM
| State | Allows E2EE messages |
|---|---|
| Idle | No |
| SignalingRegistered | No |
| WebRTCConnecting | No |
| DataChannelOpen | No |
| CryptoHandshaking | No (handshake PDUs only) |
| Ready | Yes |
| Disconnected | No |
P7.2 Crypto handshake FSM
Implementations MAY parallelize Signal and MLS substates; they MUST reach Ready only when all enabled layers in cipherLayers are initialized.
P7.3 Per-peer encryption set
- Global set `encryptedConnections` contains remote `peerId` strings.
- Send path checks membership before encrypt (P6).
- On disconnect, peer SHOULD be removed from the set.
P7.4 Reconnection transitions
| From | Event | To | Crypto action |
|---|---|---|---|
| Ready | ICE lost | Disconnected | Keep local state |
| Disconnected | ICE restored | DataChannelOpen | If state intact → Ready; else → CryptoHandshaking |
| Ready | Session corrupt | CryptoHandshaking | Full handshake |
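The following is an added illustration, not code from this implementation: a minimal model of the P7.1 connection FSM, the P7.2 "all enabled layers" rule, the P7.3 per-peer encryption set and the P7.4 reconnection transitions. The class name, event names and the split of "ICE restored" into two events are assumptions made for the example.

```javascript
// Illustrative model only (not the project's code); event and method names are assumed.
const S = Object.freeze({
  Idle: 'Idle', SignalingRegistered: 'SignalingRegistered',
  WebRTCConnecting: 'WebRTCConnecting', DataChannelOpen: 'DataChannelOpen',
  CryptoHandshaking: 'CryptoHandshaking', Ready: 'Ready', Disconnected: 'Disconnected',
});

class PeerConnectionFsm {
  // cipherLayers: enabled layers, e.g. ['signal', 'mls'] (P7.2);
  // encryptedConnections: the global set of remote peerIds (P7.3).
  constructor(peerId, cipherLayers, encryptedConnections) {
    this.peerId = peerId;
    this.cipherLayers = new Set(cipherLayers);
    this.initialized = new Set();      // layers whose handshake has finished
    this.sessionIntact = false;        // local crypto state survives ICE loss (P7.4)
    this.encryptedConnections = encryptedConnections;
    this.state = S.Idle;
  }
  // Entering Ready is the only place a peer joins the set; it leaves on re-handshake or disconnect.
  enter(to) {
    if (to === S.Ready) this.encryptedConnections.add(this.peerId);
    else if (to === S.CryptoHandshaking || to === S.Disconnected) this.encryptedConnections.delete(this.peerId);
    return (this.state = to);
  }
  transition(event, layer) {
    const s = this.state;
    if (event === 'signalingRegistered' && s === S.Idle) return this.enter(S.SignalingRegistered);
    if (event === 'webrtcStart' && s === S.SignalingRegistered) return this.enter(S.WebRTCConnecting);
    if (event === 'dataChannelOpen' && s === S.WebRTCConnecting) return this.enter(S.DataChannelOpen);
    if (event === 'iceRestored' && s === S.Disconnected) return this.enter(S.DataChannelOpen);
    // P7.4: from DataChannelOpen, intact local state resumes Ready, otherwise re-handshake.
    if (event === 'channelReady' && s === S.DataChannelOpen)
      return this.enter(this.sessionIntact ? S.Ready : S.CryptoHandshaking);
    if (event === 'layerInitialized' && s === S.CryptoHandshaking) {
      this.initialized.add(layer);
      // P7.2: Ready only once every enabled layer in cipherLayers is initialized.
      if (![...this.cipherLayers].every((l) => this.initialized.has(l))) return s;
      this.sessionIntact = true;
      return this.enter(S.Ready);
    }
    if (event === 'iceLost' && s === S.Ready) return this.enter(S.Disconnected); // keep local state
    if (event === 'sessionCorrupt' && s === S.Ready) {
      this.sessionIntact = false; this.initialized.clear();              // full handshake
      return this.enter(S.CryptoHandshaking);
    }
    throw new Error(`event ${event} not allowed in state ${s}`);
  }
  // P6/P7.3 send-path check: the state allows E2EE and the peer is in the set.
  canSendE2EE() { return this.state === S.Ready && this.encryptedConnections.has(this.peerId); }
}
```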
P7.5 Group state (experimental)
Additional states for groupId, MLS epochs, and groupMembers map. Not normative for production security claims until audited.