[MLS] External Commits - Resync

"Hale, Britta (CIV)" <britta.hale@nps.edu> Fri, 20 November 2020 23:17 UTC

From: "Hale, Britta (CIV)" <britta.hale@nps.edu>
To: "mls@ietf.org" <mls@ietf.org>
Date: Fri, 20 Nov 2020 23:17:31 +0000
Message-ID: <44D1D4F7-9F82-4D46-AF26-D4ECCFB14D13@nps.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/FGwX0vFzp3YMidfbCcBUXt8DVgM>
Subject: [MLS] External Commits - Resync
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2020 23:17:38 -0000

Hi all,

A good point was raised by Jonathon Hoyland during the MLS IETF 109 meeting regarding possible concerns in using external commits for resync, particularly in the case of Alice adding/removing herself. Richard noted that this is a feature in the case that Alice is no longer synchronized with the group and therefore can use an external commit to add herself back in, removing the previous version.

As opposed to any newcomer joining with an external commit, the case of Alice re-joining presents a potential security issue. Namely, as currently specified (in my reading of the draft), an existing group member, Bob, has no means to distinguish between the following cases:

  1.  Alice needs to resync and therefore performs an external commit and removes her prior version.
  2.  Alice’s signature keys are compromised (it is not necessary for the adversary to compromise any group state). The adversary performs an external commit in Alice’s name, and then removes her prior version and impersonates her to the group.


One might hope that Alice notices that she is removed and communicates this to the group members OOB, but it is also possible that she assumes some other reason for the removal, is offline, or simply is not active enough to take action for a fairly long compromise window. Even if she tries to use an external commit to get back into the group and then removes the adversary-as-Alice, there is no means for other group members to distinguish the real Alice from the adversary-as-Alice and the process could be circular (until new valid identity keys are issued).

While a newcomer is a fresh source to be trusted or not, Alice has been “healing” along with the group and the above option (2) allows the adversary to bypass all of that.

The source of the problem is that when Alice re-syncs, she is not providing any validation of being the same/previous identity, so it is easy for other group members to accept that nothing more than a resync has taken place. Thus, a fairly straightforward solution is to require PSK use in cases where an external commit is used for resync. By enabling a PSK derived from a previous epoch during which Alice was part of the group to be injected with the external commit, Alice provides some proof of prior group membership and we avoid the total reset.

What does everyone think about this? Is it a problem that we want to address, or let it fall out-of-scope?
(Also, if I missed something in the draft that already fixes this, please point it out.)

- Britta
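The two cases above, and the proposed PSK requirement, as an added toy model (this is illustration written for this page, not code from the MLS draft or from the author). It does not use the MLS wire format: a Lamport one-time signature stands in for a member's signature key, a constructed per-epoch "resumption PSK" stands in for the PSK derived from a previous epoch, and a MAC over the commit keyed by that PSK stands in for the key-schedule binding an injected PSK would give the new epoch. Bob's acceptance rule is run three times: honest Alice resyncing, an adversary holding only Alice's signature key, and an adversary holding the signature key plus one old epoch secret.

```python
"""Toy model of resync via external commit, with and without a prior-epoch PSK.
Constructed illustration: not MLS encoding, not an MLS implementation."""
import hashlib
import hmac
import json
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: genuinely asymmetric, built from a hash only.
# Each signing key signs at most one message in this demo.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]


def _msg_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_msg_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _msg_bits(msg))))


def resumption_psk(epoch_secret: bytes) -> bytes:
    # Constructed derivation: a PSK only holders of that epoch's secret can compute.
    return hmac.new(epoch_secret, b"resumption psk", hashlib.sha256).digest()


class GroupView:
    """What an existing member (Bob) holds: the epoch secrets seen so far and
    the signature public key bound to each identity."""

    def __init__(self, seed: bytes, members: dict):
        self.epoch, self.epoch_secrets, self.members = 0, {0: seed}, dict(members)

    def advance(self):
        # An ordinary commit: ratchet the epoch secret forward.
        self.epoch += 1
        self.epoch_secrets[self.epoch] = hmac.new(
            self.epoch_secrets[self.epoch - 1], b"next epoch", hashlib.sha256).digest()


def make_external_commit(sender: str, sig_sk, epoch: int, psk_epoch=None, psk=None) -> dict:
    """Re-join `sender` at `epoch`, removing the prior leaf. With psk_epoch/psk set,
    the commit also carries a binder only a holder of that epoch's PSK can form."""
    tbs = json.dumps({"type": "external_commit", "sender": sender, "epoch": epoch,
                      "remove_prior": True, "psk_epoch": psk_epoch}, sort_keys=True).encode()
    binder = hmac.new(psk, tbs, hashlib.sha256).digest() if psk is not None else None
    return {"tbs": tbs, "sig": lamport_sign(sig_sk, tbs), "binder": binder}


def process_external_commit(view: GroupView, commit: dict, require_psk: bool) -> str:
    """Bob's acceptance rule. Returns 'accept' or a 'reject: ...' reason."""
    body = json.loads(commit["tbs"])
    pk = view.members.get(body["sender"])
    if body["epoch"] != view.epoch or pk is None or not lamport_verify(pk, commit["tbs"], commit["sig"]):
        return "reject: bad epoch or signature"
    if require_psk:
        psk_epoch = body["psk_epoch"]
        if psk_epoch is None or psk_epoch not in view.epoch_secrets:
            return "reject: no prior-epoch PSK referenced"
        expected = hmac.new(resumption_psk(view.epoch_secrets[psk_epoch]),
                            commit["tbs"], hashlib.sha256).digest()
        if commit["binder"] is None or not hmac.compare_digest(expected, commit["binder"]):
            return "reject: PSK binder does not verify"
    view.advance()  # prior leaf for sender dropped, new leaf installed, new epoch begins
    return "accept"


def run_case(require_psk: bool, actor: str) -> str:
    """actor: 'alice' (honest resync), 'sig_key_only' (compromised signature key,
    no group state) or 'sig_key_and_epoch' (signature key plus one old epoch secret)."""
    alice_sk, alice_pk = lamport_keygen()
    _, bob_pk = lamport_keygen()
    bob = GroupView(secrets.token_bytes(32), {"alice": alice_pk, "bob": bob_pk})
    for _ in range(3):
        bob.advance()                                  # epochs 1..3: Alice present, healing along
    alice_epoch_secrets = dict(bob.epoch_secrets)      # constructed: Alice's copy of those epochs
    bob.advance()                                      # epoch 4: Alice loses sync and misses it
    old = 3
    if not require_psk:
        commit = make_external_commit("alice", alice_sk, bob.epoch)  # signature is the only proof
    elif actor == "sig_key_only":
        commit = make_external_commit("alice", alice_sk, bob.epoch, old, secrets.token_bytes(32))
    else:
        commit = make_external_commit("alice", alice_sk, bob.epoch, old,
                                      resumption_psk(alice_epoch_secrets[old]))
    return process_external_commit(bob, commit, require_psk)


if __name__ == "__main__":
    for require_psk in (False, True):
        for actor in ("alice", "sig_key_only", "sig_key_and_epoch"):
            print(f"require_psk={require_psk!s:5} {actor:18} -> {run_case(require_psk, actor)}")
```

Without the PSK requirement Bob's rule returns "accept" for both the honest resync and the signature-key-only impersonation, and the two commits are byte-for-byte the same kind of object; that is the indistinguishability in the message above. With the requirement, the impersonator who holds no group state can only guess the binder and is rejected, while Alice, who holds epoch 3's secret, is accepted. The third actor shows the limit of the fix as modelled: an adversary who has compromised both the signature key and some past epoch's secret still passes, so the PSK proves prior group membership rather than ruling out a fuller compromise.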