IETF Logo Mail Archive

Re: [MLS] Recommendation for encrypted group operations

Eric Rescorla <ekr@rtfm.com> Tue, 30 January 2024 23:34 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8828DC151077 for <mls@ietfa.amsl.com>; Tue, 30 Jan 2024 15:34:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z_nfUGB80Qhq for <mls@ietfa.amsl.com>; Tue, 30 Jan 2024 15:34:57 -0800 (PST)
Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87FC7C14CE31 for <mls@ietf.org>; Tue, 30 Jan 2024 15:34:57 -0800 (PST)
Received: by mail-pj1-x1035.google.com with SMTP id 98e67ed59e1d1-290d59df3f0so3468255a91.2 for <mls@ietf.org>; Tue, 30 Jan 2024 15:34:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1706657697; x=1707262497; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=EyfTrcKarTlV7jtdq4unWGJKhQPylADWhjrsB8zeAJw=; b=idv7h/HWdzJKHdRJFeW1dokxEnve9AzU44LlJ9jY1BLmOCg0aVkL/WyNXPYXBZe6F/ sXCKVyvxgbEb0MxkzgR/z+nbpm+KcUeSVG8GUHlDKlsc8ub2JnbulgE+xIqpA1zgJ1BM gp+b/k9aXJzqEA6PfZsR6ddxiYb50LU3ebnThsw03Q6TWj2VfsXZhYSmtI1wqLheKy0F MDDcMQsMzZ6ouUCuYjxuGp5MrG/xq0uGzw7N8lpezoRIzjuzEoU5goA3C5+CJzPghAup bFeCBMhi5s8Fgi1GU+JmZh+r1hl4ceer3xL2p5BYo96bFjQS1JjV0arnLqEHN9kyeZUK Ccxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706657697; x=1707262497; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EyfTrcKarTlV7jtdq4unWGJKhQPylADWhjrsB8zeAJw=; b=Mp2wRAWlQ+szoZmIIFszf6cpjtUfWiZY5GoAQPq4zBE+7C7xaIT2aOo7ev+/K4RzRS iqKv6RI/kekh+g2e+qQRMugr8p33lVynxS1DVwl+l8HOq3nNQxhaiOQuSyrfLUPvkUdw 43Oq+pZpKQJbmp+ZuR76SFd8O+A9K7sXNocX4Gp2stWUILHq2QqMA22q7uwCNVIaRKyy pJPprziurGE1qpsL0IYBYXirB/yBpOOkznAC0RnWNfIWDi6K4lI/esuiOPaZRgF+hkbR 3O2V5FYrukWcv115tgV3uDSfPR2oxBZutBU9+SuRfHOdsCZTAi6beRZ2xg1vCWJNadJ8 t8pQ==
X-Gm-Message-State: AOJu0YxW6laplN1gkRnnOJ/EXfHKQ81K9kysjNjL4PsP0yRzDIS9kCil n47OzxXPWR8FtyueREXeCdJ33Yr3D8mULXFv9lSkZb5TfBqLoIk1jrnE/3J/MAINsiK8KxLhhlI 8ZtnIFwab572n1V0GPv29l++ndVY3dDtQXOVchg==
X-Google-Smtp-Source: AGHT+IEGj+CByZSdbfvGcVr6QBM59mielukTefGQHhsjhmk7Dz3mpZKPTPP/Je1wjpw3J9O1mCXVslFA2/acf1m8vsw=
X-Received: by 2002:a17:90b:3112:b0:293:cf90:8730 with SMTP id gc18-20020a17090b311200b00293cf908730mr151847pjb.18.1706657696973; Tue, 30 Jan 2024 15:34:56 -0800 (PST)
MIME-Version: 1.0
References: <CAJTd26+hJjKaZZenN3bQuVaifJotVhbpQoYEBLBaN7KiOw2_Qg@mail.gmail.com> <CABcZeBNT=EBMrmOJ1pBpaThs6BcVuajXYt+ziXzEMZU0LKjfjg@mail.gmail.com> <CAL02cgQkOxg6f1U-GwAWTOBDv96yvV1bEFZ=F7ES+Qhs7vDJLA@mail.gmail.com> <CAJTd26L-ROx_T5RaDU9cZscTzOZGM9zGmgwN=_iAtGWw2jgJUA@mail.gmail.com> <CAL02cgR03wgwLFARPPwx1ROCsvPUk0xR83FSudjv0b7aR21yzg@mail.gmail.com> <CAJTd26L_AVPwnm+5-H2nA_x4j2tLZZOKHykBNmvk0PO9oUL4Ww@mail.gmail.com> <CABcZeBPOGtFu=UXyqV-ftiMYx1rXJYbxRNE+Hfggsws8bZ2zwA@mail.gmail.com> <CAJTd26JXHjqVbHs91g+oUbuBrX88geOjbGqz1EW-7TUOLgAQWg@mail.gmail.com> <CACsn0cniLJgCmMOmW9NVvf4X7H3DimKcwrjNe5rNiHDgf7bbsw@mail.gmail.com> <CAL02cgRG_q_+o-7jhVDHYQ8dPLw8tzhRzuty64eP1vArYRjWzQ@mail.gmail.com> <CAJTd26LwWZfkCtCsy80pq-jL8+HSFfBkjKxCRjuPEoXNr80rHg@mail.gmail.com>
In-Reply-To: <CAJTd26LwWZfkCtCsy80pq-jL8+HSFfBkjKxCRjuPEoXNr80rHg@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Jan 2024 15:34:19 -0800
Message-ID: <CABcZeBPeuQJeux5EsoM1DUeR8Pa9RD9FDHi3Z9NPkcUh1CukMA@mail.gmail.com>
To: Brendan McMillion <brendanmcmillion@gmail.com>
Cc: Richard Barnes <rlb@ipv.sx>, Watson Ladd <watsonbladd@gmail.com>, MLS List <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c81c1d0610323529"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/5XoQ3hbbsJM4jTxkuSLgALyYQts>
Subject: Re: [MLS] Recommendation for encrypted group operations
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jan 2024 23:34:58 -0000

On Tue, Jan 30, 2024 at 2:40 PM Brendan McMillion <
brendanmcmillion@gmail.com> wrote:

> Groups can be extremely large: there are telegram channels of tens of
>> thousands of people. The credentials in cross-domain environments can
>> rapidly swell. At the same time spam can be an issue, and having
>> server visibility into group joining I think can be a very useful clue
>> here.
>
>
> MMS has a max group size of 10, iMessage of 32, Messenger of 250, Signal
> of 1000, WhatsApp of 1024. At these sizes, it does seriously warrant
> considering whether the efficiency arguments hold water. Spam concerns
> don't really resonate with me either, as Signal (the only major messenger
> to use Sealed Sender) seems to have no issue with it. Given that these are
> consumer apps, they also don't have the enterprise policy-enforcement
> constraints Richard described.
>
> I understand why the efficiency arguments apply to something like WebEx or
> Zoom, where several thousand people may pop in and out of a meeting in an
> hour. But like I said, that's a very specific type of app in the space
>

As I said earlier, the right place to take these arguments is MIMI. The
question for *this* WG is whether we should be giving people guidance that
we know they won't follow.

-Ekr


>
> Unfortunately I do not.  Honestly, I think the need was so obvious to
>> folks involved, who are working on real messaging systems, that there
>> wasn't much discussion.  Even the privacy-focused folks who had designed a
>> very privacy-preserving DS [draft-robert-mimi-delivery-service] have come
>> to agree that PublicMessage is the right answer as the default.
>
>
> I am curious how we got from "has already been discussed pretty
> extensively" to "so obvious... that there wasn't much discussion." :)
>
> On Tue, Jan 30, 2024 at 1:22 PM Richard Barnes <rlb@ipv.sx> wrote:
>
>> On Tue, Jan 30, 2024 at 11:15 AM Watson Ladd <watsonbladd@gmail.com>
>> wrote:
>>
>>> On Tue, Jan 30, 2024 at 1:11 PM Brendan McMillion
>>>
>>> > I personally have not followed the mimi wg very closely and I can not
>>> say why they made this decision.
>>>
>>> Even as someone subscribed I'm not sure I'm aware of this particular
>>> conversation. Anyone got handly links?
>>>
>>
>> I knew someone was going to ask :)
>>
>> Unfortunately I do not.  Honestly, I think the need was so obvious to
>> folks involved, who are working on real messaging systems, that there
>> wasn't much discussion.  Even the privacy-focused folks who had designed a
>> very privacy-preserving DS [draft-robert-mimi-delivery-service] have come
>> to agree that PublicMessage is the right answer as the default.
>>
>> --RLB
>>
>>

v2.23.0 | Report a Bug | By Email