Re: [MLS] Comments on open PRs

"Hale, Britta (CIV)" <britta.hale@nps.edu> Fri, 29 May 2020 20:10 UTC

From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: Messaging Layer Security WG <mls@ietf.org>
Date: Fri, 29 May 2020 20:09:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/DOc559lV-M9JtTKL8TuGhq8LRpc>

One comment on PR #331, although the PR has already been merged:

Ratcheting (hashing forward) should be sufficient for FS guarantees to the original group.
The lack of update/new entropy when just hashing forward does affect PCS:

  *   Since the original group may/may not have updated irrespective of the add, this should not significantly affect those in that group.
  *   It does affect the new member, as that member does not know when the group was last updated, and therefore does not know how “vulnerable” of a group it is entering. However, if new members are mandated to update and commit immediately, the window of vulnerability is limited.

The latter point is related to the ‘HPKE key reuse’ question raised by Joël & Sandro in an earlier email – namely, what happens if an added member is unable to update immediately.

Britta


From: MLS <mls-bounces@ietf.org> on behalf of Nick Sullivan <nick=40cloudflare.com@dmarc.ietf.org>
Date: Thursday, May 28, 2020 at 7:36 PM
To: Messaging Layer Security WG <mls@ietf.org>
Subject: [MLS] Comments on open PRs

MLSWG,

There are several open pull requests on the protocol document:
https://github.com/mlswg/mls-protocol/pulls

We discussed three PRs during the last meeting:
PR #336 PSK Injection
PR #331 Making ratcheting optional for Adds
PR #337 n-PRF (multi-PSK injection)

The discussion of #331 was not completely captured in the draft meeting notes, so if someone has something to add, please comment on this PR: https://github.com/mlswg/wg-materials/pull/9

If you'd like to advocate for or against any of these changes, either reply on this thread or start a new thread on the mailing list. We'll discuss the changes at the next interim meeting (next Tuesday).

Nick & Sean
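
The FS/PCS distinction argued in the reply at the top of this thread, as an added toy model (not part of the original messages and not the MLS key schedule): a secret that is only hashed forward stays computable by anyone who learned an earlier epoch's secret, until fresh entropy is mixed in. The HMAC-SHA256 derivations, labels and function names are assumptions made for illustration, and the attacker is assumed not to learn the fresh entropy.

```python
import hashlib
import hmac
import os


def ratchet(secret: bytes) -> bytes:
    """Hash forward: the next epoch secret depends only on the current one."""
    return hmac.new(secret, b"toy-ratchet", hashlib.sha256).digest()


def update(secret: bytes, fresh: bytes) -> bytes:
    """Stand-in for an Update + Commit: mix new entropy into the next secret."""
    return hmac.new(secret, b"toy-update" + fresh, hashlib.sha256).digest()


def run_group(initial: bytes, steps: list) -> list:
    """steps[i] moves epoch i to i+1: None = ratchet only, bytes = fresh entropy."""
    secrets = [initial]
    for step in steps:
        prev = secrets[-1]
        secrets.append(ratchet(prev) if step is None else update(prev, step))
    return secrets


def exposed_epochs(steps: list, leaked_epoch: int) -> list:
    """Epochs whose secret an attacker holding one leaked secret can compute.

    The attacker can only ratchet forward. Earlier epochs stay hidden because
    the hash is one-way (FS); later epochs stay exposed until an update (PCS).
    """
    secrets = run_group(os.urandom(32), steps)
    guess = secrets[leaked_epoch]
    exposed = [leaked_epoch]
    for epoch in range(leaked_epoch + 1, len(secrets)):
        guess = ratchet(guess)
        if guess == secrets[epoch]:
            exposed.append(epoch)
    return exposed


if __name__ == "__main__":
    fresh = os.urandom(32)  # constructed sample entropy for the update step
    # Secret of epoch 1 leaks; a member is added at the 1 -> 2 transition.
    print("no update at all:      ", exposed_epochs([None] * 5, 1))
    print("new member updates now:", exposed_epochs([None, None, fresh, None, None], 1))
    print("new member updates late:", exposed_epochs([None, None, None, fresh, None], 1))
```
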