Re: [MLS] Subgroups
Konrad Kohbrok <konrad.kohbrok@datashrine.de> Tue, 12 March 2024 13:23 UTC
Return-Path: <konrad.kohbrok@datashrine.de>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE7DAC1519A5 for <mls@ietfa.amsl.com>; Tue, 12 Mar 2024 06:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=datashrine.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ym_PzG30ptJg for <mls@ietfa.amsl.com>; Tue, 12 Mar 2024 06:23:03 -0700 (PDT)
Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org [80.241.56.172]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE564C14F68F for <mls@ietf.org>; Tue, 12 Mar 2024 06:23:02 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4TvDpn3WnSz9sdD; Tue, 12 Mar 2024 14:22:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datashrine.de; s=MBO0001; t=1710249777; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=au9s8LIWosJSFSApFyToxR7Qm7Wm4gG6mLQs0U4yaEo=; b=jd9hxlOmwwkuUm0Ap6RIZYb07gQWC6rABJQP976xd1cAKfAu+Q4egqvbRqssEdZ5tDadKy 1fWsdrvUJnAu7EYAApSplh+cT9zX5uYsRqjQeHc6M7yNP9RZMUiz2eL/1XM/MI2VEgdCT6 A3r1oUjjIf6Oji5p3AKX7mdZmelA4Yn+6Su5NWHGdM5TsE/n5x7HYVqEXLh0Nf4sh+6hnT xw+APlxnus/Cj0g6l7NKdpwMztznywGVdwJV+pfA5j6GC3RGvG6bnme6e7/KcS9A7wceC+ MZlPVrPbP+1Z/h+fAfmVwskwC9SEyUKehsP7xGHWbRZ9Z7PJgym2kNfQCMGJ7w==
From: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
Message-Id: <15C66118-2240-4891-81A6-228CF094459F@datashrine.de>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E61BFF41-6EF0-4F1A-B517-CED92257E262"
Mime-Version: 1.0
Date: Tue, 12 Mar 2024 14:22:46 +0100
In-Reply-To: <CAJTd26+ZU9_iwRAWW7aFLTh2vo35YDQc5_vLh+pOVjKeBNY6XQ@mail.gmail.com>
Cc: MLS List <mls@ietf.org>
To: Brendan McMillion <brendanmcmillion@gmail.com>
References: <CAJTd26+ZU9_iwRAWW7aFLTh2vo35YDQc5_vLh+pOVjKeBNY6XQ@mail.gmail.com>
X-Rspamd-Queue-Id: 4TvDpn3WnSz9sdD
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/99ajsnUj7QCJTeVb0Fjzvjzg9l4>
Subject: Re: [MLS] Subgroups
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2024 13:23:08 -0000
Hi Brendan, Thanks for writing this up! Some comments: # 1 Introduction and 2 Conventions and Definitions - The language in the document is very specific to the use-case of a single user with multiple devices. As there are a few other use-cases for such a virtual clients protocol, it might be better to keep the terminology a bit more general. # 3.2 Private Keys - There is a third instance where emulator clients will have to share randomness and that is to compute `path_secret[0]` as described in 7.5 of the MLS spec. It shouldn’t be a problem to include just add an extra deterministic key derivation step, though. - I always thought that we’d have to rely on commits to coordinate the actions of emulator clients, but the including the encrypted PrivateKeyInfo is a neat way of doing so indirectly. At least for KeyPackage uploads. - If an emulator client uploads KeyPackages, it should probably also inform other emulator clients of the KeyPackage’s hash s.t. when they receive a Welcome (on behalf of the virtual client) they know which key to use for decryption. The other emulator clients can’t learn that hash from the Subgroup Extension, because they might not have access to the group’s tree if the group relies on RatchetTreeExtensions to transmit the ratchet tree. I don’t think that’s covered yet. # 4 Application Messages - As I’ve already mentioned in my other mail, I’m not sure relying on DS-client coordination to prevent key reuse is necessarily better than the use of an extension, but that might depend on your use-case. My hope is that we can eventually come up with a way to avoid both. # 5.2 Joining Externally - The process of discarding Welcomes is not quite clear to me. Is that meant to be done by the other emulator clients once they come back online? Or do we assume that the new emulator client can somehow access the pending messages of the offline clients? In the latter case, how would the new client even know what groups they are for? In any case, we should be very clear about things that do or don’t work when allowing external joins this way. Overall, the protocol looks like a good approach to me. Do you want to create a PR against the existing virtual clients doc, or do you prefer to maintain a separate document for now? Cheers, Konrad > Am 11.03.2024 um 04:51 schrieb Brendan McMillion <brendanmcmillion@gmail.com>: > > Hi mls@ > > I wrote a draft today on how I would propose implementing the subgroups / virtual clients feature. I'm not currently able to submit it to the datatracker, but it is here: https://bren2010.github.io/draft-subgroups/draft-mcmillion-mls-subgroups.html > > Handling all of the edge cases I could think of, it still came out to be quite a simple proposal. Any feedback would be appreciated > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls
- [MLS] Subgroups Brendan McMillion
- Re: [MLS] Subgroups Konrad Kohbrok
- Re: [MLS] Subgroups Brendan McMillion
- Re: [MLS] Subgroups Mularczyk, Marta
- Re: [MLS] Subgroups Natanael
- Re: [MLS] Subgroups Brendan McMillion