Re: [Mimi] Confirming adoption calls for draft-barnes-mimi-arch and draft-ralston-mimi-protocol

Brendan McMillion <brendanmcmillion@gmail.com> Sat, 23 March 2024 22:45 UTC

From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Sun, 24 Mar 2024 08:45:38 +1000
Message-ID: <CAJTd26+pSCwjbQLAQyjMG73tDMPSwFTVt-ZaSOvDtokNXxZazw@mail.gmail.com>
To: Rohan Mahy <rohan.mahy@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Richard Barnes <rlb@ipv.sx>, Suhas Nandakumar <suhasietf@gmail.com>, Travis Ralston <travisr=40matrix.org@dmarc.ietf.org>, Alissa Cooper <alissa@cooperw.in>, mimi@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mimi/3xmns7eeltyLI_bldKFgz4TPW9Q>
Subject: Re: [Mimi] Confirming adoption calls for draft-barnes-mimi-arch and draft-ralston-mimi-protocol
List-Id: More Instant Messaging Interoperability <mimi.ietf.org>

Providing the same privacy properties as Signal is incredibly difficult.
Nobody is asking mimi to do that. However, the mimi protocol could be a
neutral way for service providers to synchronize messages related to a
given group. Whether a service provider chooses to receive messages in some
exceptionally private way or not would be the service provider's choice.
But instead the drafts require duplicating state between the encryption
layer and mimi layer, and this presupposes a certain inescapable amount of
metadata leakage.

On Sun, Mar 24, 2024 at 1:49 AM Rohan Mahy <rohan.mahy@gmail.com> wrote:

>
>
> On Sat, Mar 23, 2024, 02:38 Stephen Farrell <stephen.farrell@cs.tcd.ie>
> wrote:
>
>> Sounds like a classic loss for privacy.
>>
>
> I argue it is the opposite. Today if you want to join a group chat on any
> system other than Signal, the participants surrender much more metadata
> than would be revealed to other providers under the proposed MIMI approach
> with pseudonyms. In addition, the low metadata approaches (using techniques
> such as privacy pass) that Konrad and Raphael are nurturing offer
> substantial improvements to privacy.
> If we publish a specification that requires all providers to provide at
> least Signal-level metadata privacy, it is likely that we will end up with
> neither interoperability nor privacy for the vast majority of users.
> Thanks,
> -rohan
>
>