# Phase 3 — User Acceptance Testing (Federation & Key Transparency)

> Phase 3 is NOT YET IMPLEMENTED. This is a pre-written test plan.

## Prerequisites

- Phase 2 UAT fully passing
- Two warzone-server instances on different domains
- DNS zone control for both domains

---

## 1. DNS Server Discovery

**Setup TXT record:**

```
_warzone._tcp.a1.example.com TXT "v=wz1; endpoint=https://wz.a1.example.com; pubkey=base64..."
```

**Test discovery:**

```bash
cargo run --bin warzone-client -- discover a1.example.com
```

- [ ] Resolves TXT record
- [ ] Shows endpoint URL and server public key
- [ ] Server pubkey pinned on first contact (TOFU)

---

## 2. DNS Key Transparency

**Publish key to DNS:**

```bash
cargo run --bin warzone-client -- publish-key --domain a1.example.com
```

- [ ] TXT record created: `manwe.a1.example.com TXT "v=wz1; fp=...; pubkey=...; sig=..."`
- [ ] Self-signature is valid
- [ ] Only server's delegated zone is modified

**Verify key via DNS:**

```bash
cargo run --bin warzone-client -- verify-key @manwe.a1.example.com
```

- [ ] Fetches TXT record
- [ ] Verifies self-signature
- [ ] Compares against server-provided key
- [ ] Match → "Key verified via DNS"
- [ ] Mismatch → "WARNING: server may be performing MITM"
- [ ] No DNS record → "Falling back to TOFU"

---

## 3. Federated Messaging

**Server A (a1.example.com) and Server B (b1.example.com):**

Alice is on Server A, Bob is on Server B.

**Alice sends to Bob:**

```
/dm @bob.b1.example.com hello from server A!
```

- [ ] Client resolves `b1.example.com` via DNS
- [ ] Fetches Bob's bundle from Server B
- [ ] X3DH + Ratchet encrypt
- [ ] Message sent via Server A → Server B relay
- [ ] Bob receives on Server B
- [ ] Bob decrypts successfully

**Bob replies:**

```
/dm @alice.a1.example.com hey alice!
```

- [ ] Reverse path works (B → A)
- [ ] Existing ratchet session reused

---

## 4. Server-to-Server Mutual TLS

- [ ] Server A connects to Server B with TLS
- [ ] Both servers verify each other's pubkey (from DNS TXT)
- [ ] Invalid server pubkey → connection refused
- [ ] Man-in-the-middle between servers → TLS fails

---

## 5. Gossip Peer Discovery

**Server A knows Server B. Server C joins:**

- [ ] Server C registers with Server A
- [ ] Server A gossips Server C's endpoint to Server B
- [ ] Server B can now route messages to Server C users
- [ ] No manual configuration needed on Server B

---

## 6. Hard-coded Peer List (DNS Fallback)

**DNS is down:**

```bash
cargo run --bin warzone-server -- --peers "https://wz.b1.example.com,https://wz.c1.example.com"
```

- [ ] Server connects to listed peers directly
- [ ] Federated messaging works without DNS

---

## Summary

| # | Feature | Result |
|---|---------|--------|
| 1 | DNS server discovery | ☐ |
| 2 | DNS key transparency | ☐ |
| 3 | Federated messaging | ☐ |
| 4 | Server mutual TLS | ☐ |
| 5 | Gossip peer discovery | ☐ |
| 6 | Hard-coded peer fallback | ☐ |

**Tester:** _______________ **Date:** _______________
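
The decision logic that the `verify-key` checks in section 2 exercise, as an added Rust example that is not warzone code. All type and function names are hypothetical, the self-signature check is injected because the plan does not name an algorithm, and the `Invalid` outcome for a malformed or badly signed record is an assumption the plan does not define.

```rust
// Added example, not warzone code. Field names (v, fp, pubkey, sig) are from the
// test plan's TXT record; all types and function names here are hypothetical.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Outcome {
    Verified, // plan: "Key verified via DNS"
    Mismatch, // plan: "WARNING: server may be performing MITM"
    NoRecord, // plan: "Falling back to TOFU"
    Invalid,  // assumption: malformed record or bad self-signature
}

/// Parse `v=wz1; k=v; ...`. Splits on the first '=' only, so base64 padding survives.
pub fn parse_txt(txt: &str) -> Option<HashMap<&str, &str>> {
    let mut fields = HashMap::new();
    for part in txt.split(';').map(str::trim).filter(|p| !p.is_empty()) {
        let (k, v) = part.split_once('=')?;
        // A repeated key is ambiguous; reject instead of silently picking one.
        if fields.insert(k.trim(), v.trim()).is_some() {
            return None;
        }
    }
    if fields.get("v") == Some(&"wz1") { Some(fields) } else { None }
}

/// `sig_ok(fp, pubkey, sig)` is the self-signature check, injected by the caller
/// because the plan does not name the signature algorithm.
pub fn verify_key(txt: Option<&str>, server_key: &str, sig_ok: fn(&str, &str, &str) -> bool) -> Outcome {
    let txt = match txt { Some(t) => t, None => return Outcome::NoRecord };
    let rec = match parse_txt(txt) { Some(r) => r, None => return Outcome::Invalid };
    match (rec.get("fp").copied(), rec.get("pubkey").copied(), rec.get("sig").copied()) {
        // Check the signature before comparing, so an unsigned record never "verifies".
        (Some(fp), Some(pk), Some(sig)) if sig_ok(fp, pk, sig) => {
            if pk == server_key { Outcome::Verified } else { Outcome::Mismatch }
        }
        _ => Outcome::Invalid,
    }
}

// Constructed stand-in for a real signature check: accepts only the literal "demo-sig".
pub fn demo_sig(_fp: &str, _pk: &str, sig: &str) -> bool { sig == "demo-sig" }

fn main() {
    let txt = "v=wz1; fp=ab12; pubkey=QUJDRA==; sig=demo-sig"; // constructed sample
    for key in ["QUJDRA==", "V1hZWg=="] {
        println!("{:?}", verify_key(Some(txt), key, demo_sig));
    }
    println!("{:?}", verify_key(None, "QUJDRA==", demo_sig));
}
```

Keeping `Invalid` separate from `NoRecord` means a record that is present but unverifiable cannot silently downgrade the client to TOFU.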