[MLS] Recommendation for encrypted group operations
Brendan McMillion <brendanmcmillion@gmail.com> Tue, 30 January 2024 16:57 UTC
From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Tue, 30 Jan 2024 08:57:20 -0800
Message-ID: <CAJTd26+hJjKaZZenN3bQuVaifJotVhbpQoYEBLBaN7KiOw2_Qg@mail.gmail.com>
To: MLS List <mls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/1ohlP2TZr_LBuLyM7rfDKnM9Jo8>

Hi mls@

One of the first topics of discussion at our last interim was on whether or not to keep the recommendation in the architecture draft to use encrypted group operations whenever possible. This is issue #210 on the repo [1]. The desire to remove this recommendation comes from the fact that many mls deployments and the mimi wg do not follow it.

It doesn't seem that the minutes have been uploaded yet, but my memory of the conversation at the interim is that:

- We generally agree that encrypted group operations would, in an ideal world, be preferred. I recall several people saying it's the "moral thing to do."
- Acknowledging that most deployed applications don't encrypt group operations. We listed the deployments we knew of to prove this.

The after-the-fact answer I came up with for why most applications don't encrypt group operations is that they can 1.) guarantee strong transport-layer security, 2.) don't care about leaking group membership to a central server, and 3.) want to use that central server to provide certain features.

Despite being well-represented in the mls wg, applications that meet criteria 1, 2 and 3 are actually quite a specific subset within the space of what MLS was designed to support. Any decentralized application would not meet these criteria (no transport-layer encryption). Signal doesn't either (doesn't leak membership).

Given this, my proposal is to keep the recommendation but state that applications may use unencrypted operations if they have an explicit reason. I've opened a PR to that effect here: https://github.com/mlswg/mls-architecture/pull/247

This is in contrast with a PR from Eric that removes the recommendation and describes the tradeoffs between encrypted and unencrypted group operations on relatively equal footing: https://github.com/mlswg/mls-architecture/pull/246

Please say on the list if you have a preference between the PRs. Thank you!

1. https://github.com/mlswg/mls-architecture/issues/210