IETF Logo Mail Archive

Re: [MLS] -mls-architecture: resolving encrypted group operations

Brendan McMillion <brendanmcmillion@gmail.com> Thu, 14 March 2024 13:15 UTC

Return-Path: <brendanmcmillion@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A964C14F71A for <mls@ietfa.amsl.com>; Thu, 14 Mar 2024 06:15:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zeJQMomb13eC for <mls@ietfa.amsl.com>; Thu, 14 Mar 2024 06:15:02 -0700 (PDT)
Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76F8EC14CE29 for <mls@ietf.org>; Thu, 14 Mar 2024 06:15:02 -0700 (PDT)
Received: by mail-ot1-x335.google.com with SMTP id 46e09a7af769-6e4f874f958so321895a34.3 for <mls@ietf.org>; Thu, 14 Mar 2024 06:15:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710422101; x=1711026901; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VvyFK3HQrk4yOpgiIopo9J3/UA0mFkHcDnQi36Wmzf8=; b=g9HUyT1P5xFFrBOFrzItZwhvPzRW11TPKmzVJQnfAUN7R7OWDCC6sPiZJCLItiWrQi Pcc7rlVZHgc2ddKI/Z1iZn5Af6T/cX0sE8QxEmxBFSc/NsaRo5Plx5nPbNtN+rDABPVu nFIncvPq0S1wgcJ19+im/NSt6A7NORgUQJD7c5xorSYx1rghEeS52KnWdra3SmVGw2KU e+zZ8nL2uzITzqaYMI/yFBt2yo/zwUgoQDhLbDoUBLOhMoob2w0EFtgv9eHUG8ne4dV7 Tzh2ZS4ye2LIkw8UlCCIcZ+FLDTkY3ufLA+Y5p0UR3vlsHMss4ddInfNxjOEYI7M/EXq P2NQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710422101; x=1711026901; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VvyFK3HQrk4yOpgiIopo9J3/UA0mFkHcDnQi36Wmzf8=; b=aYrg+sctUybGqd4vEqKun0uLU83+kzI86koMQHD8ST5pdFQKYmQymnfUuuFgxZX599 S8AjzqtqNIUbTpZGF3lJCP3qYGuUTov9/cb7xlPZIaTb126sx6eUEEq+gggCIiTEnclg 3RrC+h1GWH9qO2Kd9LQ1YeEZJZJ179o4QSakrdnqFAtAWLXRyb88zdwdevIV2zB12eFX 2eSmfEC76PeJG9l7/99XRgFOckJ8ZXEwFYJAleu8oKNH3DCiIpn4UDbM2WixTBKcaYg/ LFrKWy2ACSP66WeofcoKoZVwxWENs5wwVrfN8v0c1KZnFk7+9/aO2xTBgafWu2jupHg4 8qhA==
X-Forwarded-Encrypted: i=1; AJvYcCVof37t6fkgFHDf9VFHKw74T8c1Scm6fOYkbirbqsonNBRdutduTjEYqx3dB7mRzwCi4pq/v26hsfSEZLY=
X-Gm-Message-State: AOJu0Yzw98R7HTInR7MypVgwNi4BwrPZ6VKVDh2HeKml6rQ5UjNhHeyt 4jag438TrNCQ9mRBBb0SZqEd/LrzscJWBPqrmlDydf8WckCpnAPkGtaRjWKn+MpyWO5nKaflanF VDhf3OVOQwtEpRMl5Xw7HEoabScHIvcjnEYM=
X-Google-Smtp-Source: AGHT+IF5+RFIR2cIea4FGdClzUOsvy9jGYsRTaM0Y8WsePhva+7PUVZosqL6YO7X1RgB32CTTyvnt74esxXQoAsXgZo=
X-Received: by 2002:a9d:3e54:0:b0:6e4:e947:e98 with SMTP id h20-20020a9d3e54000000b006e4e9470e98mr1833468otg.34.1710422101303; Thu, 14 Mar 2024 06:15:01 -0700 (PDT)
MIME-Version: 1.0
References: <E88F391B-19CF-4A54-BA4D-743B99599FFC@sn3rd.com> <B7FAB2EC-5B46-478C-92FB-E7559010EAF8@beurdouche.com>
In-Reply-To: <B7FAB2EC-5B46-478C-92FB-E7559010EAF8@beurdouche.com>
From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Thu, 14 Mar 2024 06:14:50 -0700
Message-ID: <CAJTd26+cARm7b2HFCbWget22eK=g6qkL_K5z=7Dm95gSuWibiQ@mail.gmail.com>
To: Benjamin Beurdouche <ietf@beurdouche.com>
Cc: Sean Turner <sean@sn3rd.com>, ML IETF Messaging Layer Security <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c3b55606139ead53"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/AJQwaX2-ZAXxaWuIHdVTKLO-VVw>
Subject: Re: [MLS] -mls-architecture: resolving encrypted group operations
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2024 13:15:06 -0000

I have a preference for #249. The idea that we are guilting people into
doing something hard or inefficient with this recommendation is not true.
Deploying MLS with encrypted handshake messages is actually easier! There
is less to do, fewer moving parts. Even if an application doesn't go "all
the way" by providing anonymity, handshake encryption still protects
metadata at-rest. And for the group sizes used by consumer-facing
messengers (~1000 max), the efficiency impact is minimal.

On Thu, Mar 14, 2024 at 3:08 AM Benjamin Beurdouche <ietf@beurdouche.com>
wrote:

> Hi,
>
> I have a preference for the other #249 which keeps the recommendation but
> I would be fine with either.
>
> My main reason is that, in the rest of the architecture document, the idea
> is to have the strongest
> security target possible as a recommandation and take explicit action to
> relax properties when needed.
>
> In that spirit I don’t see an issue with encrypting group operations even
> in the case you need server assist,
> the tradeoff being an additional ciphertext explicitly providing the
> information to the expected server
> and only that server…
>
> Ben
>
>
> > On 14 Mar 2024, at 04:56, Sean Turner <sean@sn3rd.com> wrote:
> >
> > Hi! Last we met, we talked about how to resolve the issue related to one
> of the encrypted group operation’s recommendations [1]; also, thanks to
> Brendan for starting this thread [2].  This thread is intended to help Nick
> and I call consensus on which of the two PRs to direct the authors to land.
> If it is not clear from this thread, we will discuss at our session at IETF
> 119.  The two PRs follow:
> >
> > 1. PR #246 [3] rewords the issue description and removes the
> recommendation; this change keeps us (the royal us) from looking silly when
> the first protocol to call out MLS does not follow the recommendation.
> >
> > 2. PR #249 [4] keeps recommendation but state that applications may use
> unencrypted operations if they have an explicit reason to.
> >
> > Cheers,
> > spt
> >
> > [1] https://github.com/mlswg/mls-architecture/issues/210
> > [2]
> https://mailarchive.ietf.org/arch/msg/mls/1ohlP2TZr_LBuLyM7rfDKnM9Jo8/
> > [3] https://github.com/mlswg/mls-architecture/pull/246
> > [4] https://github.com/mlswg/mls-architecture/pull/249
> > _______________________________________________
> > MLS mailing list
> > MLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/mls
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls
>

v2.23.0 | Report a Bug | By Email