Re: [MLS] Artart early review of draft-ietf-mls-protocol-16
Richard Barnes <rlb@ipv.sx> Tue, 04 October 2022 14:32 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38926C1524A0 for <mls@ietfa.amsl.com>; Tue, 4 Oct 2022 07:32:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4RKaCLo6XfYA for <mls@ietfa.amsl.com>; Tue, 4 Oct 2022 07:32:15 -0700 (PDT)
Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 96307C1522CC for <mls@ietf.org>; Tue, 4 Oct 2022 07:32:02 -0700 (PDT)
Received: by mail-lf1-x12f.google.com with SMTP id 25so11134265lft.9 for <mls@ietf.org>; Tue, 04 Oct 2022 07:32:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20210112.gappssmtp.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=WzNTo9dzagOQot8aNZU5MsEG0h2rrV+T78dwuZcSMR0=; b=2pPgCxCFC9R9dQVzQBJ+g87Fc+MikDGBylSWhacrFuD1CsLWuO65uWcOicKH1HQpkj NPrLU1J6Amqje3K5nfWgkZcis+hnPVPEN0NIc7Ql9Eh0y6AN77PbwLWa8FlqchGpzLGU 5ZVB/PPcd5xo6QxFhb2s9mXFayPevdu0uW1PvP1e0kXOBrntE4hvmOOTbkk0jDinH7ek 7eyGkClCvq6XW1vE2sNfS1WyGqFDtI94IMfULVDyKxc28TGufXZUWWEUhfICDdDNX5VL pzQYEArbbKzHxtCD4KqydKbjiNq4emu9wxmoo1rFv0+d6EstQC5inOVRlB1PrUz4uZyH GJyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=WzNTo9dzagOQot8aNZU5MsEG0h2rrV+T78dwuZcSMR0=; b=QpsvKB/vK4BuOiP45k8jgHDj0QEpQSYA8f+Dsk+jaPUHVqwR8BPFEAVU1gGsPNSC+v JzaR8v2WoWTvlGKgk3SZsiphuFzNxh6Lbgqr0hjYT+kIaMmDHwt/LB4BELxAd2TBt7T7 AJ0jOAlaMBion7O/HK22xDjwfaH0qg1/ZalzrbT5m7dPXu+uYmaAczod+2DKb1w8Fz1p f3amFYE/Pik29+MKaWx92v4pPPQKdkkpkW+DKPE63T2fl2WwbpEoy4oaWpUppVgPgzU/ qtR21vb/MnL6i9PvVaWOSXpLGm5PwEdoBJTxd01enwLmi839rX/x5Uda4ClDMi3sQ8ZJ rBCw==
X-Gm-Message-State: ACrzQf1wHaVYBP59dOAvl5ZpLfYBeI/62KJUyIIEYyS3vqMnSNymq3bh XHD9xUWuhHkn9ka2j/BL76DL42qeiY3ovLsfaS+MUw==
X-Google-Smtp-Source: AMsMyM7RCzjeQrx+QLby5ELTbiij5Gy3u3QFn8ag6BKHT3C+dO4dV/OqXdfdxu9eBdEVunVkwsmkVzztsoF2SmHDjU0=
X-Received: by 2002:a05:6512:c1a:b0:499:fa97:db1e with SMTP id z26-20020a0565120c1a00b00499fa97db1emr9726757lfu.196.1664893920638; Tue, 04 Oct 2022 07:32:00 -0700 (PDT)
MIME-Version: 1.0
References: <166439271702.8492.5817498980343338518@ietfa.amsl.com>
In-Reply-To: <166439271702.8492.5817498980343338518@ietfa.amsl.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 04 Oct 2022 10:31:49 -0400
Message-ID: <CAL02cgRMnJPQyob-_iJ21_P2p1T0S_p4eSViPUjg+SB6bpurNQ@mail.gmail.com>
To: Rich Salz <rsalz@akamai.com>
Cc: art@ietf.org, draft-ietf-mls-protocol.all@ietf.org, mls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ba93e205ea36520e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/8grf071goikHjTZxAnBE0Gr5QF8>
Subject: Re: [MLS] Artart early review of draft-ietf-mls-protocol-16
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 14:32:20 -0000
Hey Rich, Thanks for the review. I have filed #749: https://github.com/mlswg/mls-protocol/pull/749 A few responses inline... On Wed, Sep 28, 2022 at 3:18 PM Rich Salz via Datatracker <noreply@ietf.org> wrote: > Abstract: > Nicely describes the problem. Is 'forward secrecy and post-compromise > security' > redundant? If not, there should be definitions in the draft for both terms > and > perhaps a forward link toe the terminology section. > As usual, a fully rigorous definition is outside the scope of an IETF spec. I added some text to the security considerations and a forward pointer from Terminology. > Introduction. > "pairwise broadcast of individual messages" seems to go to far for > terseness to > make the sentence grammatical. Good point, broke up the sentence. > The section on common strategy should have a > reference or two to implementations. Signal is one implementation, so hopefully that suffices. But this is one of those things that is commonly done and poorly documented, so there aren't great references otherwise. > And do you mean "unilaterally broadcast > *A*symmetric keys" Or is the common technique to allow everyone to > impersonate > anyone? > Nope, symmetric keys. With sender keys, there's no protection against impersonation within a group. IIUC, somewhat by design, because deniability is more important. > Sec 2, Terminology. > Alphabetical order please. > I think it's clearer to keep things in a conceptual order. > Maybe mention that MSLPlaintext, MLSCiphertext are message formats > described in > section 4.1; I wondered why they didn't appear in the terminology. Added a forward reference. > And when I > searched forward to find where they are defined, I noticed that elsewhere > they > are rendered as `_MLSPlaintext_` for example, and here the underscores > aren't > present. Consistency is a virtue. The underscores are for emphasis when concepts are introduced, and not used afterward. > The last paragraph starts by saying "keys > and secrets are used interchangeably" which is contradicted by the last > sentence. > "Typically"! The point is that they mean the same thing, but we use different words to suggest slightly different roles. Sec 2.1.2 The example vector should be > "StructWithVector" not plural, right? > No, there are two vectors there. One with a fixed-size length and one with a variable-size length. Sec 4.2 is very useful and have a nice use of the railroad diagrams. The > section title should be plural tho. "Executions" It's a single execution, shown in several steps. > Is there any guidance to be > offered on access control policies? How does A know whether or not Z can > remove B? Are messages NAK'd or ignored or something else? I guess a > forward > link to 6.3 makes sense. > This is more an issue for the architecture, see, e.g.: https://github.com/mlswg/mls-architecture/blob/main/draft-ietf-mls-architecture.md#access-control I skimmed sec 7 and 8. The end of 8.4 'where lp and np[i] represent" > confused > me as I don't see those notations in the diagram that follows. > Good catch. Those notations were removed in an earlier revision. Thanks, --Richard
- [MLS] Artart early review of draft-ietf-mls-proto… Rich Salz via Datatracker
- Re: [MLS] Artart early review of draft-ietf-mls-p… Richard Barnes
- Re: [MLS] Artart early review of draft-ietf-mls-p… Salz, Rich