Re: [Mimi] Messaging Transport for mimi
Konrad Kohbrok <konrad.kohbrok@datashrine.de> Thu, 27 October 2022 15:04 UTC
Return-Path: <konrad.kohbrok@datashrine.de>
X-Original-To: mimi@ietfa.amsl.com
Delivered-To: mimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A651CC1524B0 for <mimi@ietfa.amsl.com>; Thu, 27 Oct 2022 08:04:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=datashrine.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4nKSeRV-xCA for <mimi@ietfa.amsl.com>; Thu, 27 Oct 2022 08:04:16 -0700 (PDT)
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB92CC1522DA for <mimi@ietf.org>; Thu, 27 Oct 2022 08:04:15 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4MypqH0XyHz9snr for <mimi@ietf.org>; Thu, 27 Oct 2022 17:04:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datashrine.de; s=MBO0001; t=1666883051; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=24UOdVvckSXxMSOWrkWuXA8ElIqHleJn7/20oQ7H/fA=; b=K2Hg4AAbfxCVL79gxjQRkA/lf4oS0jWz+MODEBEfM9pxkg0cLInFaVePQ7Z1n8/Vr54oIv WybE7Ypu+k0lZjW302AVtiAnLUW0FUss+cK7QwxvFUBDmNTGnik8LBT83x2Z896wxuxfpt SkAECmzqGcD9pHBrPv6RgXowxwgUmHpXInOTJPG21Houk3lOUUgDDmRZpYJxPQI5hjKZKt Z8rTNWVmCj4FJEM3s9tnUDfrG9P/DNRDin2YuG6ClH8Jx5Cdc4yAgu4xAiKvd2Pp+txS6P ZCt/iJDYcuSAHlEj1ub4aKHCFZK9TD/+/Mm6trbgVju3vcXdrfhM/2r91V04/g==
Message-ID: <5f630582-2cac-3bb6-136a-e8da49e5478b@datashrine.de>
Date: Thu, 27 Oct 2022 17:04:10 +0200
MIME-Version: 1.0
Content-Language: en-US
To: mimi@ietf.org
References: <CAMRcRGTdtnZHUP2ft9dWyovf+iTd0y762U_8toJUPUhbFqdK7Q@mail.gmail.com>
From: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
In-Reply-To: <CAMRcRGTdtnZHUP2ft9dWyovf+iTd0y762U_8toJUPUhbFqdK7Q@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4MypqH0XyHz9snr
Archived-At: <https://mailarchive.ietf.org/arch/msg/mimi/8FW0TCyKb6WbktvrP3l510Xhbmg>
Subject: Re: [Mimi] Messaging Transport for mimi
X-BeenThere: mimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: More Instant Messaging Interoperability <mimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mimi>, <mailto:mimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mimi/>
List-Post: <mailto:mimi@ietf.org>
List-Help: <mailto:mimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mimi>, <mailto:mimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2022 15:04:19 -0000
Hi Suhas, Thanks for the proposal for a MIMI transport architecture. A few comments and questions. Relying on previously arranged business relationships essentially restricts the architecture to a bilateral model (as per Jonathan’s taxonomy document) and in particular does not allow for an open model. It also precludes the participation of individuals or other entities that cannot (or will not) enter such a business arrangement. Such a closed approach is also at odds with the DMA, as it reinforces current monopolies and cements the requirement for a business relationship between providers. Regarding the assumption of E2EE: Do you assume E2EE only for application messages, or also for handshake messages? Encryption of handshake messages has a number of trade-offs: On the one hand, it’s a very effective way of protecting message metadata. On the other hand, some information has to be exposed to the server anyway so that it knows whom to send the message to. Also, plaintext messages allow the server to perform a number of useful functions: - keep track of the public tree, as well as GroupInfo (clients only have to supply a signature), both can be used to make joining easier. On the one hand, it allows an external commit (if that is desired) and on the other hand, it allows clients to just download the current tree, whereas otherwise, it would have to be included in the Welcome message every time a member joins - check validity of messages (except encrypted information such as update path values or encrypted extensions), thus preventing individual clients from modifying the group state in ways they are not allowed to. Servers could thus also enforce group policy. If the server can’t check for validity, individual group members can send invalid messages, leading to an increase of the Epoch, s.t. if nothing else, other members have to initiate a roll-back. Note that plaintext messages do not necessarily lead to metadata leakage. Cached messages and group states can be encrypted at rest and per-group pseudonyms can be used instead of real identities. The way I understand the subscription patterns mentioned in the draft, they seem very broad. To prevent the unnecessary leakage of metadata across providers, subscription patterns should be scoped s.t. a server can check if another server is eligible to subscribe. For example, a server should only be able to subscribe to messages if one of the server’s users is in a given group, not generally for all groups on the server. To enable an open federation and properly scoped subscribe patterns, there should be a way to push connection request messages or group invitations regardless of a previous subscription. - If desired, servers could still perform access control based on the sender’s domain based on an allow list or a block list. - Servers could then subscribe based on the user’s (or its client’s) decision to accept or decline the request. - If the decision to subscribe depends on client interaction, caching time should be more than 24h. Cheers, Konrad Am 25.10.22 um 19:54 schrieb Suhas Nandakumar: > Hello All > > We submitted a draft describing transport for mimi, called Cached and > Async meSsage Transport (CAST), that is inspired by modern cloud based > messaging architectures. > > Please find the same here : > https://datatracker.ietf.org/doc/draft-nandakumar-mimi-transport/00/ > <https://datatracker.ietf.org/doc/draft-nandakumar-mimi-transport/00/> > > We look forward for feedback > > Cheers > Suhas/Cullen >
- [Mimi] Messaging Transport for mimi Suhas Nandakumar
- Re: [Mimi] Messaging Transport for mimi Konrad Kohbrok