IETF Logo Mail Archive

[MLS] Recommendation for encrypted group operations

Brendan McMillion <brendanmcmillion@gmail.com> Tue, 30 January 2024 16:57 UTC

Return-Path: <brendanmcmillion@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC552C2FEE17 for <mls@ietfa.amsl.com>; Tue, 30 Jan 2024 08:57:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xqy8RgwDt_By for <mls@ietfa.amsl.com>; Tue, 30 Jan 2024 08:57:34 -0800 (PST)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E63CC1CAF83 for <mls@ietf.org>; Tue, 30 Jan 2024 08:57:34 -0800 (PST)
Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-2cf2fdd518bso39129081fa.1 for <mls@ietf.org>; Tue, 30 Jan 2024 08:57:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706633852; x=1707238652; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=MyxCEvOycgCfEjiFJhP3RQI9kG7uDdPcfcU5IwZ27TQ=; b=SemQaOxE5M53JOGK+bQn7FY+OnQJSlr1xlH2i9PpPPjEcBBEgtG70r/nz6ORBfvfub oEzLk2Myf3ao66F5bX4/C/+YxByoOq/D4i1lbrfyEhZRM1Q9q/vsK/3vE7m7LI1a/zCm prJTK810fGuvEi2bfmx4GRMr0nOM2UUH00vbhEaFohHJCMs1bIm1t/QV5J9kf3g1PAxY 2r/oxUUEJ9AedoHpiRlVv8hAF5gNI9PCVMKK9nAFe1vRWVTOx+ZzrAoagI7wtvAdnB7y ZRnuQsU9CSTV/TmSoYC1xvH75gDPcuTWR2OrgH21O/gCsiWWwaQqLjyqtKY+1FnODT+A lxyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706633852; x=1707238652; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MyxCEvOycgCfEjiFJhP3RQI9kG7uDdPcfcU5IwZ27TQ=; b=BlOydfExz4NjXQkpl7CnXhV7jAIiWmR/B7JYc1F2jW9CNdLORUSZm1vnH1FPUivCDA ngzhkHqlCQ8atTUmbBNuZK9PDhMPHiUUdYVgJpdYvdUCHy6+7apfX63e4Xm3H1INrON8 /LjgCPvSRoeobieAoIHU0ut7pD5hVNXYRhKwP/xuqZ3rsTxnsm4Npx17ShlNqQda+REA qEvakIvpM/XD2vLu9k8MFejvMCZP9ltVtwVoY+wKHzqFO7XPSSmX9REcVP2d0qaQiCQ3 S2txavwbXtgIB5Zw/tjdjycWRY61nq5CJPBUte3rJdAPeJ1irMPIKiVMoOgAkO9cpe0o PC7g==
X-Gm-Message-State: AOJu0Yz2k7Cg3rFQhVyGnntWpGpYsqQS3bZaUndHBCBUW8YhghqtmClH 0AC3oTTYcwXxn34x7RtvjHeosOHwV0l9G5PyNVgVtfUT6UrxBcPgzVgTxycPUvk1axM/hqi90sE /F9DBDc9cSaGBBCSNCxv+mYbKh3SfAqfny7bUUw==
X-Google-Smtp-Source: AGHT+IELSp3eNv4G/DNj9l1tPQpIXPD4XxDQfrpqQ3JXny3zjgfIKe+ZjpbuIskMOF79NE6nC0yh0Tl3FXj93GBo7vc=
X-Received: by 2002:a05:651c:337:b0:2ce:1f9:1fe5 with SMTP id b23-20020a05651c033700b002ce01f91fe5mr5806530ljp.12.1706633852132; Tue, 30 Jan 2024 08:57:32 -0800 (PST)
MIME-Version: 1.0
From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Tue, 30 Jan 2024 08:57:20 -0800
Message-ID: <CAJTd26+hJjKaZZenN3bQuVaifJotVhbpQoYEBLBaN7KiOw2_Qg@mail.gmail.com>
To: MLS List <mls@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000084a2de06102ca808"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/1ohlP2TZr_LBuLyM7rfDKnM9Jo8>
Subject: [MLS] Recommendation for encrypted group operations
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jan 2024 16:57:36 -0000

Hi mls@

One of the first topics of discussion at our last interim was on whether or
not to keep the recommendation in the architecture draft to use encrypted
group operations whenever possible. This is issue #210 on the repo [1].

The desire to remove this recommendation comes from the fact that many mls
deployments and the mimi wg do not follow it. It doesn't seem that the
minutes have been uploaded yet, but my memory of the conversation at the
interim is that:
- We generally agree that encrypted group operations would, in an ideal
world, be preferred. I recall several people saying it's the "moral thing
to do."
- Acknowledging that most deployed applications don't encrypt group
operations. We listed the deployments we knew of to prove this.

The after-the-fact answer I came up with for why most applications don't
encrypt group operations is that they can 1.) guarantee strong
transport-layer security, 2.) don't care about leaking group membership to
a central server, and 3.) want to use that central server to provide
certain features. Despite being well-represented in the mls wg,
applications that meet criteria 1, 2 and 3 is actually quite a specific
subset within the space of what MLS was designed to support. Any
decentralized application would not meet these criteria (no transport-layer
encryption). Signal doesn't either (doesn't leak membership).

Given this, my proposal is to keep the recommendation but state that
applications may use unencrypted operations if they have an explicit
reason. I've opened a PR to that effect here:
https://github.com/mlswg/mls-architecture/pull/247

This is in contrast with a PR from Eric that removes the recommendation and
describes the tradeoffs between encrypted and unencrypted group operations
on relatively equal footing:
https://github.com/mlswg/mls-architecture/pull/246

Please say on the list if you have a preference between the PRs. Thank you!

1. https://github.com/mlswg/mls-architecture/issues/210

v2.23.0 | Report a Bug | By Email