IETF Logo Mail Archive

Re: [MLS] Agile Credentials and Signature Keys

"Hale, Britta (CIV)" <britta.hale@nps.edu> Wed, 16 September 2020 17:35 UTC

Return-Path: <britta.hale@nps.edu>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8774C3A10B2 for <mls@ietfa.amsl.com>; Wed, 16 Sep 2020 10:35:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.887
X-Spam-Level:
X-Spam-Status: No, score=-1.887 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sWTgKSvXyO-j for <mls@ietfa.amsl.com>; Wed, 16 Sep 2020 10:35:16 -0700 (PDT)
Received: from mule.nps.edu (mule.nps.edu [205.155.65.106]) by ietfa.amsl.com (Postfix) with ESMTP id 458963A1015 for <mls@ietf.org>; Wed, 16 Sep 2020 10:35:16 -0700 (PDT)
X-ASG-Debug-ID: 1600277715-0e39451285b69f0001-bGA3T6
Received: from mail.nps.edu (synergos.ern.nps.edu [172.20.4.116]) by mule.nps.edu with ESMTP id 1H5t1MntN6TCIBOA; Wed, 16 Sep 2020 10:35:15 -0700 (PDT)
X-Barracuda-Envelope-From: britta.hale@nps.edu
Received: from skywalker.ern.nps.edu (172.20.4.117) by synergos.ern.nps.edu (172.20.4.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1531.3; Wed, 16 Sep 2020 10:35:15 -0700
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.174) by skywalker.ern.nps.edu (172.20.4.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1531.3 via Frontend Transport; Wed, 16 Sep 2020 10:35:14 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Blfa3kwvSWmohccz8ckS3J9CiV7q7raLjaGd72DVwLFzoNKghLq9XAwUXaXdXDeEAJUhWXgihdOusKltkW1u1jUnoysudTgeWoHg+b5WfDpXGPUEKT+8J1ZQA7V/kZbJo+J2w0hY9MGQ8qx1f9kUpT4gARCLWrDk3EWdUPDIBf/A2gxi+A7/WpoCL/uo2T6rqpoGI3MNx5QE4SS9VEhAeVwnx+GaNojzUCLVar1bTa1q6cC8TFuX9Gib1nePoMefUEBBYQwGmeXi46jCgGBe4wtjLsTzdWzl5QHgziJToefTXXRltXQPzUy2sYZkjhXYGFGyB7BUeyitDVbqCqdOvg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nkMSUO8dJ/LcE4D71Ha/UBib3No+WhfeQdFDbxghuJg=; b=ftQ1Sg+/91p+rBLLJzsMorHtlFWCZ2YWrW8aQHNah3Acz3OOpDVepwNGU+dSgCwWj0feI6xGhcEukFCEgAEcAuwYieSeLiX2RBQZNsf9zj8ZCJqV6FFJ/BjuBOouwLhu6+A2Rc4+1F81RiFK2mH9urbhiYPU24ShG6R1vIjC2w+CcR5tjBTXQ5Qio8UbTmZD9yodA1mt1J8Ox+dUl9pJ9DZGYKg+ebbqMetWG/dZENXPitvY1UfnEAD04CuEBR1J/ezpZCDvOLuxD9aK9jnwSdWEe1jhRYs3i0PifTebk1doQ/ykWQfD3Y9Dd4YDuZWoNlIizdRrPDd2WmmOu/20ug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nps.edu; dmarc=pass action=none header.from=nps.edu; dkim=pass header.d=nps.edu; arc=none
Received: from BY5PR13MB3348.namprd13.prod.outlook.com (2603:10b6:a03:1aa::23) by BY5PR13MB3224.namprd13.prod.outlook.com (2603:10b6:a03:18d::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.4; Wed, 16 Sep 2020 17:35:14 +0000
Received: from BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::f0ab:3628:7b7c:7ec8]) by BY5PR13MB3348.namprd13.prod.outlook.com ([fe80::f0ab:3628:7b7c:7ec8%7]) with mapi id 15.20.3391.009; Wed, 16 Sep 2020 17:35:13 +0000
X-Barracuda-Effective-Source-IP: UNKNOWN[2603:10b6:a03:18d::30]
X-Barracuda-Apparent-Source-IP: 2603:10b6:a03:18d::30
From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: Konrad Kohbrok <konrad.kohbrok@datashrine.de>, "mls@ietf.org" <mls@ietf.org>
Thread-Topic: [MLS] Agile Credentials and Signature Keys
X-ASG-Orig-Subj: Re: [MLS] Agile Credentials and Signature Keys
Thread-Index: AQHWjEsHzjVHEa+eoEisgdEk3X+DjqlrEYiA
Date: Wed, 16 Sep 2020 17:35:13 +0000
Message-ID: <6FC12B3F-62E3-4C55-82B7-854C09C220A1@nps.edu>
References: <1808963197.6646.1600275661235@office.mailbox.org>
In-Reply-To: <1808963197.6646.1600275661235@office.mailbox.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.17.200615
authentication-results: datashrine.de; dkim=none (message not signed) header.d=none;datashrine.de; dmarc=none action=none header.from=nps.edu;
x-originating-ip: [2601:647:cb00:2941:c95b:3827:3da4:1e84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f012e18d-5d63-4121-2e35-08d85a66de74
x-ms-traffictypediagnostic: BY5PR13MB3224:
x-microsoft-antispam-prvs: <BY5PR13MB322453F4753933B4FD8592E5FB210@BY5PR13MB3224.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 40U7iclnS2jeJaE7BlARSiwntId0wK9yTc5y5gMJA5ph/S+gGIGA/2zW4GWHEETOVEvvpLy/vbtYlEFPu1evSW9q9cYpLG83rSYsarTWC/IZjvqsoQRjK/DmycbRwZ4CievB/6uRhnrbQ8coGf3TBtjXdQm6CEDUT2Y/RLlbxOoq+oyHZzVtG+2M4ezcv6ncnDzt4rjOTMV57rAA0h1VVjmsfUwZzDNaPucuCk3gIm+0nfhu2bZcU+uWyHrSTd5bs6uhgwd5pqGA2NJax0n/ATDzyRTOSVIGx2N958Uydnnz+nKeHslNAqMF53yNADHerAPs64yiJioIItMh+WJTWA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BY5PR13MB3348.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(136003)(366004)(39850400004)(376002)(396003)(75432002)(64756008)(66446008)(186003)(8676002)(86362001)(33656002)(36756003)(6512007)(786003)(316002)(478600001)(110136005)(6506007)(5660300002)(53546011)(66556008)(66476007)(66946007)(6486002)(2616005)(8936002)(2906002)(71200400001)(76116006)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: flunVg+MJ7yhmCcMOiJMCYa1hkDG/9YKSEWSdmYQ7BqbmZeJ7YjE65ed3zzr9vQS3PNsdhr1UW9tuHTh8hjg1ggYSomssP979cFAsbq707xRfvX/Kk7zcXEFCiNx+9Yeum809mskpTwPdURBI0gsjhkug8VibXnokLilJKNEZQ/D765UwH49zUf/jIBkaDJkE0L2QupM2cYxDojhilpLUHKIYWM9Mc57kkLt/kXLvVJydThSFrpOQYbP27Q62xBZzv+PgLvEsshWzTYrk4BJ9n/ByQnA7Kw3IAwlF3va0JAPfzivQPvBjZu3PMt1IpGwSOXYJRakhM4Ew6WEoMDFetUXE+zE+Rnzvqd38AAo4DiEQF0U3HyPCx8FeyuOzjU4VzTjTzH6Z0GRJpWyDLUq3iZnCzQdpZBu4T3WL5LRRXp2pMfu7uPAcxKOYhSsCBReDSo7IzdQ0++BM+CaNn8L/Orbz1XRGevnZs9vod/y1eoqZVO9ADK3iM/nikhXIPbtLy3XGh5snTQxq9q4bHN2ihKSdYBxG01T0Kwyu5B2vgoVGkBrRZdErr+zf1LxcVIIRzgG2XjBTIdsEBveX5uQPlMrLSz7/LLBxJMIj6s7XECfEKmgo29Pv8+llPdnm6lyVSIdnaouNGgu0O60LdvfoQ2keArugCLiD3IHo0HOempXgsH+le6lctt0V8BOOPYpp1rfZpxQzM3XFK60xInyVA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_6FC12B3F62E34C5582B7854C09C220A1npsedu_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BY5PR13MB3348.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f012e18d-5d63-4121-2e35-08d85a66de74
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Sep 2020 17:35:13.7145 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 6d936231-a517-40ea-9199-f7578963378e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ve7gmYSzX9NLmNN5MXyfqMWss097LRX9pzBR0RjmVNRvOxKpJXeAKlu0BzSVj+8SK2w7tK2AZPkNd2XHs3kZwQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR13MB3224
X-OriginatorOrg: nps.edu
X-Barracuda-Connect: synergos.ern.nps.edu[172.20.4.116]
X-Barracuda-Start-Time: 1600277715
X-Barracuda-URL: https://205.155.65.106:443/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at nps.edu
X-Barracuda-Scan-Msg-Size: 11973
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.84668 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 HTML_MESSAGE BODY: HTML included in message
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/AIjBJabtj_dZKKv4h0Nvx24fhss>
Subject: Re: [MLS] Agile Credentials and Signature Keys
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Sep 2020 17:35:22 -0000

Allowing (1) certainly makes sense in the interest of allowing for hybrid PQ certs, should they become desired. There are also some backwards compatibility use cases where hybrid certs for 2 standard algorithms may be advantageous. Limiting a credential to only containing one public key also does not gain any particular advantage, so this changes seems solid on all sides. The corresponding signature scheme should certainly be defined within the credential to prevent potential creativity in misuse (good catch on noticing that it is currently not).

Given that signature keys are actually per group and not necessarily identity keys at all (i.e. across all groups Alice is in), I also support (2). “Identity keys” is a misnomer when comparing their use in the current specification and it would be good to fix that. Since MLS is designed without the use of group signature keys (i.e. a “group signing” algorithm for hiding the signer within the group) or other such types/uses of signature keys, we do not need to worry about collision in terminology when renaming “identity keys” to “signature keys”.


-- Britta



From: MLS <mls-bounces@ietf.org> on behalf of Konrad Kohbrok <konrad.kohbrok@datashrine.de>
Date: Wednesday, September 16, 2020 at 10:01 AM
To: "mls@ietf.org" <mls@ietf.org>
Subject: [MLS] Agile Credentials and Signature Keys

Hi everyone,

*puts Wire hat on* [0]

I made a pass over the Credentials and KeyPackages Sections and I would like to propose a few changes.

1. Make Agile Credentials possible

The credentials we have defined at the moment only contain a single public key and no information regarding what signature scheme that keypair works with (even though the Spec actually says it should include the signature scheme as well).

It would be nice, however, to support potential CredentialTypes that, similar to KeyPackages, include multiple supported signature schemes, each accompanied by a corresponding public key.

The Key that should be used in any given group is then determined by the CipherSuite of the group (which includes a Signature Scheme). When choosing a KeyPackage of a new member, it has to be one that contains a Credential which supports that Signature Scheme.

Note, that I'm not suggesting that this be the case in all Credentials, or even that we change the BasicCredential.

I understand that it's possible to have multiple credentials per identity, but in some authentication settings it can be beneficial to have a 1-to-1 mapping between Credential and identity.

2. Rename Identity Keys to Signature Keys

The public key in a credential is introduced without a special name and the field in the Basic Credential is currently called public_key, which is not very expressive. A few paragraphs below, it is referenced as "Identity Key" or simply "Identity", which is a bit misleading, as Credentials are supposed to contain an additional "identity" which is not the key.

I propose we clear up the terminology a bit here and refer to the public key contained in a Credential as "Signature Key".

3. Remove the requirement for a Signature/Identity Key to be "long-term" and explicitly forbid changing identity.

Rotating keys is important and in some cases, Signature Keys are not going to be very "long-term". Instead they're going to be rotated periodically.

I thus propose we simply remove the assumption that Signature Keys are of a "long-term" nature (or otherwise "long-lived").

I filed three PRs outlining the changes detailed above. Please let me know what your thoughts are and/or if I missed anything.

Cheers,
Konrad

[0] Not to be confused with Tinfoil hat!

v2.23.0 | Report a Bug | By Email