Re: [Mimi] Confirming adoption calls for draft-barnes-mimi-arch and draft-ralston-mimi-protocol

"Hale, Britta (CIV)" <britta.hale@nps.edu> Sun, 24 March 2024 19:42 UTC

From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: Brendan McMillion <brendanmcmillion@gmail.com>, Rohan Mahy <rohan.mahy@gmail.com>
CC: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Richard Barnes <rlb@ipv.sx>, Suhas Nandakumar <suhasietf@gmail.com>, Travis Ralston <travisr=40matrix.org@dmarc.ietf.org>, Alissa Cooper <alissa@cooperw.in>, "mimi@ietf.org" <mimi@ietf.org>
Date: Sun, 24 Mar 2024 19:42:10 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mimi/zPqW0tHKexb3sWZC2YRCDpsdKOo>

Metadata risk to users is certainly a consideration that we should be cognizant of. I also agree that MIMI should take an active role in minimizing it. Without having surveyed potential providers, especially beyond those which have already adopted/deployed MLS, it is not possible to make concrete conjectures about the boundary line where metadata minimization will discourage MIMI use and interoperability. What we do know is that security and privacy awareness and support has increased over the years, and consequently assuming an unnecessarily low bar among providers may be doing everyone – especially end users – a disservice. Regulating metadata protections to select, “privacy aware” applications brings to mind the stereotypical argument for encryption only being necessary for paranoid users and select high-assurance applications, an argument we all recognize risks from.

That said, the MIMI efforts so far in pseudonyms, etc., are quite positive steps towards metadata minimization and I hope that we can continue to work on decreasing metadata risk / increasing protections to the greatest degree that can be widely supported, as well as identifying exactly what that is. Identifying that ‘level’ will take further conversations. Still, that does not conflict with adopting this draft – adoption does not mean that work is finished, i.e., we are not at last-call. Moreover, during IETF-118 several arguments were made for moving forward with adoption of a base document in a timely manner given the DMA timeline motivation. Consequently, I support adoption.

Britta


From: Mimi <mimi-bounces@ietf.org> on behalf of Brendan McMillion <brendanmcmillion@gmail.com>
Date: Saturday, March 23, 2024 at 6:45 PM
To: Rohan Mahy <rohan.mahy@gmail.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Richard Barnes <rlb@ipv.sx>, Suhas Nandakumar <suhasietf@gmail.com>, Travis Ralston <travisr=40matrix.org@dmarc.ietf.org>, Alissa Cooper <alissa@cooperw.in>, "mimi@ietf.org" <mimi@ietf.org>
Subject: Re: [Mimi] Confirming adoption calls for draft-barnes-mimi-arch and draft-ralston-mimi-protocol

Providing the same privacy properties as Signal is incredibly difficult. Nobody is asking mimi to do that. However, the mimi protocol could be a neutral way for service providers to synchronize messages related to a given group. Whether a service provider chooses to receive messages in some exceptionally private way or not, would be the service provider's choice. But instead the drafts require duplicating state between the encryption layer and mimi layer, and this presupposes a certain inescapable amount of metadata leakage.

On Sun, Mar 24, 2024 at 1:49 AM Rohan Mahy <rohan.mahy@gmail.com> wrote:

On Sat, Mar 23, 2024, 02:38 Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
Sounds like a classic loss for privacy.

I argue it is the opposite. Today if you want to join a group chat on any system other than Signal, the participants surrender much more metadata than would be revealed to other providers under the proposed MIMI approach with pseudonyms. In addition, the low metadata approaches (using techniques such as privacy pass) that Konrad and Raphael are nurturing offer substantial improvements to privacy.
If we publish a specification that requires all providers to provide at least Signal-level metadata privacy, it is likely that we will end up with neither interoperability nor privacy for the vast majority of users.
Thanks,
-rohan