Re: [MLS] Move / Add-in-place / Compounding
Raphael Robert <raphael@wire.com> Mon, 22 October 2018 19:00 UTC
Return-Path: <raphael@wire.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1117E130DCE for <mls@ietfa.amsl.com>; Mon, 22 Oct 2018 12:00:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wire-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rEbjtuXVkaCA for <mls@ietfa.amsl.com>; Mon, 22 Oct 2018 12:00:02 -0700 (PDT)
Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83E98128B14 for <mls@ietf.org>; Mon, 22 Oct 2018 12:00:01 -0700 (PDT)
Received: by mail-ed1-x535.google.com with SMTP id x2-v6so4093131eds.3 for <mls@ietf.org>; Mon, 22 Oct 2018 12:00:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wire-com.20150623.gappssmtp.com; s=20150623; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=mAueBbODvtqPkB5gzzn0PTBjUbqqvUYTKqR1hMwdOag=; b=m7nm1Mbmx8QKlV4E3zbUpMcjMAlLJ2p3wyOAjIDVkVI6s8ZGWasL9Si52NLsJSYetN jLydrkUfckUO5mqf2eyfYROXIS9T+Xhu46gaCXF2o7u/hCcDWUES29mL9j4TtTtkqbu/ vde9lPlEeJb/one+6OUvRN5fpX2mSQvqFc/XGKTu2EGQqI0nHy0YnE5p+4TatMX6LcDr /rYCfkJbSFC16kZzz7VbldYTLv9thZ5vhP8YK0c4oic4GZo765tjz8f5HAtgPbtU1myJ SIq0s+3MU97ZEl36lz96qTmf2hyhUWuIhyTH0IxPfWTTn66CAfDsRlQs1bt7lQat2V88 WVvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=mAueBbODvtqPkB5gzzn0PTBjUbqqvUYTKqR1hMwdOag=; b=Keo7JmmVf+Z+cC9YuMCtHKSG404V3tNreolvlP4rgbzFqUIn/k+40po4im5/BjfBQz xXiQ0ezM0v+AkmT9um7biqD8K9IRiEB1K12/9ol21UZHFVnnDGHqpmiwnmTQ1stOP1Ue /xn3MmI5Pdo1qiZY3eiFYUecC+7T7d7oKtu5HWAPVSS4EU4vIaGuihoxTQUbhI6IFJ7h SBZsJrdjVZ/pJL6uyxEdb9AtxVO2RKOidlOWccf3fNckUtYE7nptzSF39fRZzw9wAZrh +W1X4VMghHXhNOryjSgVzglRvupaEHARFm93voM+KezkcXA55YQzbvD0FWHeltQyYJgk Vd3g==
X-Gm-Message-State: ABuFfoj7Ta/zDe1kSX4f7rhiMdEMM0oDuACq/xNWFZvBj0w5fKKh44mM QbbBpbU3lgV6QBtX5kVyMa4DLLUTD3s=
X-Google-Smtp-Source: ACcGV61ld5R9jf4yy10vsUF4nUOOzYnkEL89wzjGJG7lHe25rC1elwBGTr8mH65/CyAKbQ7yQlF70A==
X-Received: by 2002:a50:abc2:: with SMTP id u60-v6mr14382595edc.185.1540234799520; Mon, 22 Oct 2018 11:59:59 -0700 (PDT)
Received: from rmbp.fritz.box (HSI-KBW-095-208-247-123.hsi5.kabel-badenwuerttemberg.de. [95.208.247.123]) by smtp.gmail.com with ESMTPSA id x53-v6sm14711622edx.63.2018.10.22.11.59.58 for <mls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Oct 2018 11:59:58 -0700 (PDT)
From: Raphael Robert <raphael@wire.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_1E3B772A-9379-4A47-A542-14E880FBD9BA"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Mon, 22 Oct 2018 20:59:57 +0200
References: <CAL02cgTYLTkkB-WhjeBtorVcdiurPibi9eqmQmG3qib1gLhEkA@mail.gmail.com>
To: mls@ietf.org
In-Reply-To: <CAL02cgTYLTkkB-WhjeBtorVcdiurPibi9eqmQmG3qib1gLhEkA@mail.gmail.com>
Message-Id: <D1060454-E518-4D82-B95F-D14099C388D6@wire.com>
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/4x1Zz25EAvHZI_7L3BjW7LjnNJg>
Subject: Re: [MLS] Move / Add-in-place / Compounding
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2018 19:00:09 -0000
I think these two operations make perfect sense (had the same ones in mind). Some comments: Regarding Move: We should work on a recommendation of when to do a Move instead of an Update, and also of when to do a Move even if no Update was planned. The recommendation could initially be something naive, such as: when the ratio of blank leaves / full leaves is greater than xxx, do a Move. Regarding Add-in-place: I think this has the potential of becoming the default, as opposed to the current Add. Maybe both operations could be one and the same if we just add an index to the current Add. In that case the recommendation for the index would simply be the left-most empty leaf node. If both operations are correctly applied by clients, the tree should have the optimal size. There is however a case where trees will not shrink, but only if the following three conditions are met: - A large number of members left the group (large is relative to the group size) - A large number of the remaining members never come online again and therefore cannot move themselves (large is again relative to the remaining group size) - Only very few new members are added subsequently I suspect that the above scenario is however an edge case. If it occurs “in the wild” it might eventually get solved on a social level (when unresponsive members get removed by active ones). > On 22 Oct 2018, at 20:34, Richard Barnes <rlb@ipv.sx> wrote: > > Hey MLS folks, > > tl;dr: > - Would there be interest in a Move operation? > - How about an operation to Add a new member in an open slot instead of the right edge? > > In looking at the "partial tree" stuff (#67), it occurred to me that once you have partial trees with blank leaves, you can in principle do two new operations: An existing member can move from one leaf in the tree to another; and an existing member can add a new member at a leaf that is currently blank. These operations would work roughly as follows: > > - Move: > - Blank out old dirpath > - Move credential from old slot to new slow > - Send update along new dirpath > - Add-in-place: > - Blank out dirpath for slot > - Install new member's leaf key in slot > - Install new member's credential in slot > > For Move, you would also want to have people step down the size of the tree. For example, if you go from having 10 leaves (X _ X X _ _ _ _ _ X) to four leaves (X X X X) as the result of a move, then the resulting tree should only have height 2, not 4 (as is required for 10 leaves). Fortunately, this is trivial with the tree math defined in the document; you just truncate the node vector, and the calculated root gets correspondingly smaller. > > I've prototyped this out in my JS stack [1][2]. Once you've built a tree, and removed a couple of members, you can click one of the "Move" buttons to move that node to the lowest open slot. As you can see, it's not a ton of code. > > In any case, this seems to me to be potentially useful, since it addresses the issue that was raised in the BoF that the size of the resources for a group increases monotically. Move allows you to reclaim resources that are unused (assuming some orchestration outside of MLS), and Add-in-place allows us to be conservative with resources that are already allocated (cf. realloc). > > If folks think these sound like useful tools, I'll write up a PR and we can discuss in BKK. > > --Richard > > [1] https://ipv.sx/treekem/ <https://ipv.sx/treekem/> > [2] https://github.com/bifurcation/treekem/commit/7f470422ba61ce668c3ab1d6b2d18edd9d6e06fd <https://github.com/bifurcation/treekem/commit/7f470422ba61ce668c3ab1d6b2d18edd9d6e06fd> > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls
- [MLS] Move / Add-in-place / Compounding Richard Barnes
- Re: [MLS] Move / Add-in-place / Compounding Raphael Robert
- Re: [MLS] Move / Add-in-place / Compounding Russ Housley
- Re: [MLS] Move / Add-in-place / Compounding Richard Barnes