MIP-00/MIP-02: Add client_id tag for multi-device KeyPackage discovery#40
MIP-00/MIP-02: Add client_id tag for multi-device KeyPackage discovery#40justinmoon wants to merge 1 commit intomarmot-protocol:masterfrom
Conversation
Each device installation generates a random 32-byte client_id on first launch and includes it in every Kind:443 KeyPackage event. This allows inviters to group KeyPackages by client_id and select exactly one per device, solving the multi-device discovery problem. Changes: - MIP-00: Add client_id to example event, field explanations, and a new 'Multi-Device Support' section covering the discovery problem, the client_id tag spec, the selection algorithm, privacy considerations, and backward compatibility - MIP-02: Add 'Multi-Device Considerations' section for Welcome delivery to multiple devices - CHANGELOG: Document both additions
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing touches🧪 Generate unit tests (beta)
Tip Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Critical Gaps
The PR says it "reveals nothing" beyond device count, but that's not accurate. A persistent client_id that lives for the entire installation lifetime allows
The PR handwaves this as "already observable once devices join a group" but that's visible only to group members. The client_id on kind: 443 events is visible to
The spec has zero guidance on:
This is the biggest practical gap. Without lifecycle management, the client_id degrades to a best-effort heuristic that creates phantom leaf nodes.
"Each untagged KeyPackage SHOULD be treated as belonging to a unique, unknown device" This means if a user has 5 old-style KPs without client_id, the inviter creates 5 separate Welcomes, potentially creating 5 leaf nodes for one device. The
The client_id is entirely self-reported. There's no discussion of:
The PR doesn't explain why client_id was chosen over alternatives:
At minimum, a "Rationale" or "Alternatives Considered" section would strengthen the proposal.
The client_id tag is "recommended" (SHOULD), but the selection algorithm in "KeyPackage Selection for Multi-Device Users" is also SHOULD. If clients don't
The MIP-02 addition says "create a separate Welcome for each device's KeyPackage" — but this is already how MLS works (one Welcome per KeyPackage). The What's Good
|
NOTE: this PR was created during a livestream with myself and Derek Ross. We were trying to figure out how to add multiple clients to Derek's Burrow app. This PR isn't polished and is purely meant to start a discussion. Everything after this sentence (including the MIP edits) was written by coding agent:
Summary
Each device installation generates a random 32-byte
client_idon first launch and includes it in every Kind:443 KeyPackage event. This allows inviters to group KeyPackages byclient_idand select exactly one per device, solving the multi-device discovery problem.The Problem
When inviting a user to a group, the inviter queries relays for the user's KeyPackage events. If the user has multiple devices (e.g., Android + iOS), each device publishes KPs under the same npub. There is currently no way to distinguish which device produced which KeyPackage.
Naive strategies like "pick the N most recent" fail: if one device refreshes more frequently, all the top KPs may belong to the same device, and the other device is silently excluded from the group.
The Solution
A new
client_idtag on Kind:443 events:The inviter's algorithm becomes:
client_idtagChanges
client_idto the example event and field explanations. New "Multi-Device Support" section covering the discovery problem, tag specification, selection algorithm, privacy considerations, and backward compatibility.Privacy
The
client_idis a random opaque value — it reveals nothing about device type, OS, or hardware. It does reveal that a given npub has N active devices, which is already observable once those devices join a group (each becomes a visible leaf node).Backward Compatibility
KPs without
client_idare treated as belonging to unique, unknown devices. As adoption increases, untagged KPs become rare.Related
crates/mdk-core/tests/multi_device.rsdemonstrates the full flow including a scenario where the naive heuristic fails and theclient_idapproach succeeds.