Re: [MLS] Group ID

Raphael Robert <raphael@wire.com> Wed, 05 June 2019 07:59 UTC

Return-Path: <raphael@wire.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0465120605 for <mls@ietfa.amsl.com>; Wed, 5 Jun 2019 00:59:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wire-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8N1DAh0nALuk for <mls@ietfa.amsl.com>; Wed, 5 Jun 2019 00:59:50 -0700 (PDT)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DBA1120086 for <mls@ietf.org>; Wed, 5 Jun 2019 00:59:50 -0700 (PDT)
Received: by mail-wm1-x32f.google.com with SMTP id v22so1223659wml.1 for <mls@ietf.org>; Wed, 05 Jun 2019 00:59:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wire-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=REnHm9LWV5qS8iBHUh8RcJBSb50/5ofaziHB1w3Dvho=; b=fKj4Q45PMQxRZyiY6809zEirbKVZ40CZIhcykoBydjPiP4wz+Q5U71PKSoXduaw4hO Q+sOYJb7XWiC1WKy6qsfir3DLYpWNxPhOpI2+NYeUZtXYCFSS6AR/czb1FfOciPBEX/Q pNOi9ca6/Kvuhq3WAgV2RdiH+uzAL7CKKWO8A3VKWsP27nzglFNWrUE/VdS5tTfxD4NA avdUzBMEUz3EHFjf2IlFSoaGkyEKUz90H73ua4PgxgWUdOGjBf3KO1Z7v+PIJwoAgYQP Kst4WkJeHEFhmYpVhAqO7A92jMV0KuXDe82KMW7XgZkYKc60LeUYDzMIdZjYYp7l7qPu 9SZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=REnHm9LWV5qS8iBHUh8RcJBSb50/5ofaziHB1w3Dvho=; b=JF/MqAxzoxi/5TpjsVlN89kKeBcV3HR1q8FN+JSp0LxAg38zC85wdZYLdlT8JM1LiZ dV/4eXPShiLs5GTMKlCkLcKT4ip2J9j3fVpSKjITSLTlhU16LaLsbXtufVeocQ/MCbGZ YWHzusUDcaBr2x/lTEnC2lpe3WGlIeF551d4Bl3XNImtTRHSI1s+i/rKBU/h4qaphw7A DG1Tat/vFHqVl0uM/jirvpPNpD83Ugd9Yt/uUpQDNBAAQK4xICJeFAGXGqvlIkIOerxo GAtbgUQVKbMneR9Ngimd34quDjHDBp147ahaVoRtqppw6cuKQY6r5576UzgOcFIRunzd oOBQ==
X-Gm-Message-State: APjAAAUz3FuNErqNA4HGuFU1w3ONpuWHzNCzAgaSXdKVLmMDW+1R4AVH QswiF85s8FDOlVCVc6LSaWXTKQfobBI=
X-Google-Smtp-Source: APXvYqx8dxXEciCsI1HtcC801Dm+KS3lVJdhvRfJdB0k+1u7lIlJ7EXxtYdzfUptLFwX/R3mgWrNKQ==
X-Received: by 2002:a7b:cb4b:: with SMTP id v11mr2443722wmj.103.1559721588254; Wed, 05 Jun 2019 00:59:48 -0700 (PDT)
Received: from rmbp.wire.local (h-62.96.148.44.host.de.colt.net. [62.96.148.44]) by smtp.gmail.com with ESMTPSA id f2sm20363878wrq.48.2019.06.05.00.59.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Jun 2019 00:59:47 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Raphael Robert <raphael@wire.com>
In-Reply-To: <CAMCcN7TnnzLrUxbwvKEdB10Q2XBn=rJKVDg_mfcY8ZfCbj=22Q@mail.gmail.com>
Date: Wed, 05 Jun 2019 09:59:46 +0200
Cc: Marek Jankowski <mjankowski309@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <7A857F01-3494-4F57-BCC0-C5DE3DBB96E3@wire.com>
References: <CAMCcN7TnnzLrUxbwvKEdB10Q2XBn=rJKVDg_mfcY8ZfCbj=22Q@mail.gmail.com>
To: Messaging Layer Security WG <mls@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/5Ecafx3Pop_yN2mOMoVl9JO_JoQ>
Subject: Re: [MLS] Group ID
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 07:59:53 -0000

Hi Marek,

> I am aware it does not support reordering, But I'm sure one can figure an alternative that does.

We looked into doing exactly that. Server-side ordering is unfortunately a hard requirement for TreeKEM, so this is an open issue. We’d be happy to hear about a proposal that covers both problems!

Raphael

> On 11 Jun 2019, at 16:33, Marek Jankowski <mjankowski309@gmail.com> wrote:
> 
> Hi,
> Regarding some issues that were raised in the last couple of months, I wonder if we should hide the group ID from the DS. I think the group ID is valuable metadata -- the DS may keep track of it and by that identify sudden changes in the traffic, which may leak information.
> Please consider the following alternatives:
> group_id[n] = HKDF-Expand-Label(confirmation_key[n-1],group_id[n-1], "group_id", 4)
> I am aware it does not support reordering, But I'm sure one can figure an alternative that does.
> 
> Marek.
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls