Riffing on the newest advance in deMLS consensus by the VAC team, I would like to present an idea I already alluded to in my other post.
I propose to encrypt IP addresses included in the provenance logs (p-logs) of each member with the MLS group key. This would allow group members to connect to other members by decrypting the p-logs associated with their VLADs and recovering their most up to date IP address securely.
When a member is excluded, members must re-encrypt their IPs with the new group key, if they rotate their IPs as well than excluded members cannot connect back to any current members AND even if they did cannot decrypt new messages.
This scheme is orthogonal to how new member are introduced to the group and how information is exchanged. VLADs and p-logs could be stored on a DHT and Waku used as transport for example but we could also imagine groups relying on the birthday paradox to create standalone group not tied to any DHT or pubsub mechanism as well which is something impossible without metastability.
WDYT?