IETF Logo Mail Archive

Re: [Mimi] draft-mahy-mimi-content comment - message immutability

Jonathan Rosenberg <jdrosen@jdrosen.net> Fri, 31 March 2023 20:09 UTC

Return-Path: <jdrosen2@gmail.com>
X-Original-To: mimi@ietfa.amsl.com
Delivered-To: mimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 37B73C15257A for <mimi@ietfa.amsl.com>; Fri, 31 Mar 2023 13:09:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.299
X-Spam-Level:
X-Spam-Status: No, score=-6.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.096, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A9Q4PdcRIV50 for <mimi@ietfa.amsl.com>; Fri, 31 Mar 2023 13:09:04 -0700 (PDT)
Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 750E2C152577 for <mimi@ietf.org>; Fri, 31 Mar 2023 13:09:04 -0700 (PDT)
Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-5416698e889so436259527b3.2 for <mimi@ietf.org>; Fri, 31 Mar 2023 13:09:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680293343; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=mnbAAKBGwYi26vE6pT2nO5lE4Np9W7YkxNO0bAGHdFI=; b=bVC/3W4iJRHavZUILbu7jyq/4uQIjW60NFjh4+AJbXIztvrDdViDQ1N8CoOYA5Vdue cNz+bvQYBCO0p2U1tRmifsH7TkC5NKHZYyRSxUQSS1rcwIKxS0bLCOIhySavi0+3M6Kl yqgfCdGyVcpmPU9V2Frkac65jFny2qvd1uBQMdK/RhJeS9FKe8/f5/ZG6ekda+NEqPK1 Kst7NCQoLHdp+AcHbhyKFDYtfR6wo/X6otIre3VVdhmQW5HF07wdmSTm8xYB+x2ZdEgk rERU13kljpahjRdZDOi+1jmAKWAA2ggnoj1Xcm6DMoG2/INoorBEMz/EspTmpLe9UDvh NmwA==
X-Gm-Message-State: AAQBX9d5EnT/l77P++ZAe0sg4XuL0FZMID7Y9elexMyduKbUVEWX+Ein kQ9M7EFy8J3Nr4eBY+JD7S1/80mCCHX8n1PS
X-Google-Smtp-Source: AKy350bfgltxswD+vU4UVp+R10sX9vjdJL3SqsyH68hue0O8iMsKkAz/S9tLCcH5Gg+sp7DIQ7f/Ug==
X-Received: by 2002:a0d:ea90:0:b0:541:826c:2106 with SMTP id t138-20020a0dea90000000b00541826c2106mr26014866ywe.20.1680293343419; Fri, 31 Mar 2023 13:09:03 -0700 (PDT)
Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com. [209.85.219.169]) by smtp.gmail.com with ESMTPSA id p14-20020a81e20e000000b00545a0818479sm731670ywl.9.2023.03.31.13.09.02 for <mimi@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 31 Mar 2023 13:09:02 -0700 (PDT)
Received: by mail-yb1-f169.google.com with SMTP id cf7so28773798ybb.5 for <mimi@ietf.org>; Fri, 31 Mar 2023 13:09:02 -0700 (PDT)
X-Received: by 2002:a05:6902:1083:b0:b6e:d788:eba7 with SMTP id v3-20020a056902108300b00b6ed788eba7mr18572654ybu.6.1680293342440; Fri, 31 Mar 2023 13:09:02 -0700 (PDT)
MIME-Version: 1.0
References: <CA+23+fFxHqtqK-4CmskrTEJHBp=+nQ2nhohCRiqOUeLAb5Q76w@mail.gmail.com> <CAJt9-x76opT=GQVVu0YHAu-9C0hBBQY0fXDsJ-EHG2FYGt=PFg@mail.gmail.com> <a547ae12-3d86-487b-25e6-f5c6212fdf85@it.aoyama.ac.jp> <CA+23+fHyxbB--7t8JR2G8Gw1BKdjU8CYcfY9ze2aEHhZeTg7Kg@mail.gmail.com> <PH7PR84MB3203D923A0B95D619B6A93CD8F8F9@PH7PR84MB3203.NAMPRD84.PROD.OUTLOOK.COM>
In-Reply-To: <PH7PR84MB3203D923A0B95D619B6A93CD8F8F9@PH7PR84MB3203.NAMPRD84.PROD.OUTLOOK.COM>
From: Jonathan Rosenberg <jdrosen@jdrosen.net>
Date: Fri, 31 Mar 2023 16:08:45 -0400
X-Gmail-Original-Message-ID: <CA+23+fF0iU8m5X3byPiPE9pLJdyUvS1WQZqF9dY0Wyg4hwq5Gw@mail.gmail.com>
Message-ID: <CA+23+fF0iU8m5X3byPiPE9pLJdyUvS1WQZqF9dY0Wyg4hwq5Gw@mail.gmail.com>
To: Seyyed Soroosh Hosseinalipour <soorosh_abi@hotmail.com>
Cc: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Matthew Wild <mwild1@gmail.com>, "mimi@ietf.org" <mimi@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cb750905f837c775"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mimi/Yeew2ZwgEADgoQXvBrWLShWVaks>
Subject: Re: [Mimi] draft-mahy-mimi-content comment - message immutability
X-BeenThere: mimi@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: More Instant Messaging Interoperability <mimi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mimi>, <mailto:mimi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mimi/>
List-Post: <mailto:mimi@ietf.org>
List-Help: <mailto:mimi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mimi>, <mailto:mimi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Mar 2023 20:09:08 -0000

E2E encryption is baked into our charter (see
https://datatracker.ietf.org/doc/charter-ietf-mimi/). We are specifically
trying to solve for federation between providers of e2e encrypted
persistent chat systems.

Thx,
Jonathan R.

On Fri, Mar 31, 2023 at 2:39 PM Seyyed Soroosh Hosseinalipour <
soorosh_abi@hotmail.com> wrote:

> ITNOA
>
>
>
> Why mandate e2e encrypted? I think it can be optional from standard view,
> and if implementor use non e2e mode, it can gain many options and
> flexibility, that resolve many problems, by design.
>
>
>
> Thanks
>
>
>
> *From:* Mimi <mimi-bounces@ietf.org> *On Behalf Of * Jonathan Rosenberg
> *Sent:* Friday, March 31, 2023 10:35 PM
> *To:* Martin J. Dürst <duerst@it.aoyama.ac.jp>
> *Cc:* Matthew Wild <mwild1@gmail.com>; mimi@ietf.org
> *Subject:* Re: [Mimi] draft-mahy-mimi-content comment - message
> immutability
>
>
>
> With MIMI, messages are e2e encrypted. Thus, the typical "columns" -
> information buried within the mimi content, is not known to the provider
> and cannot be deleted individually.
>
>
>
> Thx,
>
> Jonathan R.
>
>
>
> On Fri, Mar 31, 2023 at 5:38 AM Martin J. Dürst <duerst@it.aoyama.ac.jp>
> wrote:
>
> We definitely should think and work hard to make sure GDPR needs are
> covered. On the other hand, if we want to address business needs too,
> there are also requirements for retention, in particular in
> banking/securities. So what XMPP does seems to make sense.
>
> Regards,   Martin.
>
> On 2023-03-28 17:27, Matthew Wild wrote:
> > On Mon, 27 Mar 2023 at 04:59, Jonathan Rosenberg <jdrosen@jdrosen.net>
> wrote:
> >>
> >> Another high level comment I think warrants discussion on its own -
> whether or not MIMI messages are immutable.
> >>
> >> For handling things like message deletion, a messaging system has two
> choices on how to implement it. First is - to allow a previously sent
> message to be modified. So, if you think about the persistent group chat as
> a database for messages, we're quite literally updating the row which
> contained this message. The other choice is, that you can never modify a
> previous message itself. Rather, you send a new message, which has the
> semantic of being an edit (or deletion) of a prior message. In this model,
> the deletion or edit is the insertion of a new row, with a foreign key
> referencing the message being deleted or edited.
> >
> > For the record, in XMPP we do a combination of these. Edits/deletions
> > are, as you say, follow-up "replacement" messages (with their own ID
> > and a reference to the ID of the replaced message). For various
> > reasons, including not messing up sync, we always (sticking with your
> > DB analogy) keep that "row" in the database, however in certain cases
> > servers do clear most of the columns. That allows us to scrub
> > problematic content (e.g. because the service does not want to host
> > it, or because a GDPR subject requested removal of the content).
> >
> > Clients later synchronizing that chat can see that a message occurred,
> > but not the original contents.
> >
> > Regards,
> > Matthew
>
>

v2.23.0 | Report a Bug | By Email