Re: [MLS] Revised MLS charter
Emad Omara <emadomara@google.com> Thu, 19 April 2018 07:28 UTC
Return-Path: <emadomara@google.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDF0812D77B for <mls@ietfa.amsl.com>; Thu, 19 Apr 2018 00:28:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.02
X-Spam-Level:
X-Spam-Status: No, score=-0.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=1.989, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5VqKOSUiCrpu for <mls@ietfa.amsl.com>; Thu, 19 Apr 2018 00:28:16 -0700 (PDT)
Received: from mail-io0-x230.google.com (mail-io0-x230.google.com [IPv6:2607:f8b0:4001:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2235E12422F for <mls@ietf.org>; Thu, 19 Apr 2018 00:28:16 -0700 (PDT)
Received: by mail-io0-x230.google.com with SMTP id l2-v6so4007471iog.9 for <mls@ietf.org>; Thu, 19 Apr 2018 00:28:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=AJObF2pgcIIN8bpJXcBbGhW+Hi04EOuTBc6E58fuSow=; b=iLZJ0npHm3/ZHjqKHIaIBmGOOP8jYqxsUC4QlgsR/LBijHEUJliTmgaDjtJ3VAwAsw futvXGY22EzNEGjCnhnSP1bCCIiUVBjCognZpHlELJ+U365QdO+sAyki4y12W6Mp85FT t25cH8IcduSiZBJNhlCNHZHyoJfzoKBBpMsxP4s5rlCMEjaxKxvvF2pYPG+PVTf6EbVZ +lhlksePykH4oIgCySNRbf/jbv9UbNJQgLIalvmQ+DqN2bbsmPS4SHoswqggqa7ra4pY 5UBNJaWJPw8BQ0QOIoI7xae7u47FI4hGtrqJZv7wNOSkCz2II6tzEyaHIMUI6tVjic1t wxEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=AJObF2pgcIIN8bpJXcBbGhW+Hi04EOuTBc6E58fuSow=; b=rR8/TN/Mh1LcMFg9DNaXs4byCWHULXiKynYvcG3uzPABOBZlXIxf6yAfUPrmLNn0WQ 2CS+uPYh1+XkvheC4syMrYYg1tZ3z+tsKqzWtok7A14ks00qz2HAJpKsoourb2RDZAMg D3RBmQJO7bN9Lt7I1A9nUQMqmdy3DzIEjrZ5mglo6/enBmPqx+WAe2S3LAC0j6nmiquM F7c/d21mVt1zjoGNiAp2wusiQVfIlrlPh6rjeyD1TqlbTyzNAekX0n7zD8qWiMtqjlNq kgKkcKtqW9GiZMYgjc0uG1uf/qVhXIPUvRz3ByqOBMSgjbOprmOwLN0mvK/de1tST03C D2wg==
X-Gm-Message-State: ALQs6tDwr58JMGndIEs4SgU8eX3XkgF7V2EnGH+glcrthm1DYyhC5PRZ iuv+9RHdY7jzm0Aj1SHrH2HvxaIJnwubd+UagiH6
X-Google-Smtp-Source: AIpwx49Jr3n66eqlDv5sp2MUU9yEy1jX6RyS6fCU6JoSU4fNCDhh3KfKsN2a97N5c7dwNmhFFx/yTHzbz8Jmh4SkCKM=
X-Received: by 2002:a6b:c582:: with SMTP id v124-v6mr5329006iof.55.1524122894860; Thu, 19 Apr 2018 00:28:14 -0700 (PDT)
MIME-Version: 1.0
References: <E66143BE-F9D8-4073-A83E-10B4344BF15D@sn3rd.com> <5C447405-A453-41A3-8E58-02925FEB450D@sn3rd.com> <CAL02cgTugFZ18cJ_9Zi0syRT7kNk_Jjko9WEkOwpCSVMjJQYrg@mail.gmail.com> <CAKHUCzx9DVBBkKuwKrUzGVb6QpVP12LJD0URv4z4c2rip28K2A@mail.gmail.com> <1524066159.11012.1342515920.44B1978A@webmail.messagingengine.com> <CABdrxL6euCM2nZiigh2j5RZ1xyTvMaa2kXifxUX-MsOdSW4xGw@mail.gmail.com> <EBC0A703-D345-4DD3-B859-C0BD1FD7660A@fb.com>
In-Reply-To: <EBC0A703-D345-4DD3-B859-C0BD1FD7660A@fb.com>
From: Emad Omara <emadomara@google.com>
Date: Thu, 19 Apr 2018 07:28:03 +0000
Message-ID: <CAHo7dC8icKrztHMOMK4q9_NMTTKn0CmYFgtj3aYEY=6G-iWJYg@mail.gmail.com>
To: Jon Millican <jmillican@fb.com>
Cc: Cas Cremers <cas.cremers@cs.ox.ac.uk>, Katriel Cohn-Gordon <me@katriel.co.uk>, "mls@ietf.org" <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bebe6b056a2e8370"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/FY46c2q9ymBYOagOHWPOr6TXJqY>
Subject: Re: [MLS] Revised MLS charter
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2018 07:28:20 -0000
LGTM On Thu, Apr 19, 2018 at 7:33 AM Jon Millican <jmillican@fb.com> wrote: > Awesome, looks good to me. > > Sent from my iPhone > > On 18 Apr 2018, at 18:15, Cas Cremers <cas.cremers@cs.ox.ac.uk> wrote: > > Dear all, > > I am also happy with the revisions. Good to go! > > Cas > > On Wed, 18 Apr 2018, 16:42 Katriel Cohn-Gordon, <me@katriel.co.uk> wrote: > >> +1 >> >> >> On Wed, 18 Apr 2018, at 4:39 PM, Dave Cridland wrote: >> >> LGTM. >> >> On 18 April 2018 at 16:18, Richard Barnes <rlb@ipv.sx> wrote: >> >> Hey Sean, >> >> This looks good to me. Ship it. >> >> --Richard >> >> On Fri, Apr 13, 2018 at 2:52 PM, Sean Turner <sean@sn3rd.com> wrote: >> >> Sorry I missed to minor edits from Jonathan Lennox didn’t get copied over: >> >> Messaging Layer Security (MLS) Charter (DRAFT) >> >> Several Internet applications have a need for group key establishment >> and message protection protocols with the following properties: >> >> o Message Confidentiality - Messages can only be read >> by members of the group >> o Message Integrity and Authentication - Each message >> has been sent by an authenticated sender, and has >> not been tampered with >> o Membership Authentication - Each participant can verify >> the set of members in the group >> o Asynchronicity - Keys can be established without any >> two participants being online at the same time >> o Forward secrecy - Full compromise of a node at a point >> in time does not reveal past messages sent within the group >> o Post-compromise security - Full compromise of a node at a >> point in time does not reveal future messages sent within the group >> o Scalability - Resource requirements have good scaling in the >> >> size of the group (preferably sub-linear) >> >> Several widely-deployed applications have developed their own >> protocols to meet these needs. While these protocols are similar, >> no two are close enough to interoperate. As a result, each application >> vendor has had to maintain their own protocol stack and independently >> build trust in the quality of the protocol. The primary goal of this >> working group is to develop a standard messaging security protocol >> so that applications can share code, and so that there can be shared >> validation of the protocol (as there has been with TLS 1.3). >> >> It is not a goal of this group to enable interoperability / federation >> between messaging applications beyond the key establishment, >> authentication, and confidentiality services. Full interoperability >> would require alignment at many different layers beyond security, >> e.g., standard message transport and application semantics. The >> focus of this work is to develop a messaging security layer that >> different applications can adapt to their own needs. >> >> While authentication is a key goal of this working group, it is not >> the objective of this working group to develop new authentication >> technologies. Rather, the security protocol developed by this >> group will provide a way to leverage existing authentication >> technologies to associate identities with keys used in the protocol, >> just as TLS does with X.509. >> >> In developing this protocol, we will draw on lessons learned from >> several prior message-oriented security protocols, in addition to >> the proprietary messaging security protocols deployed within >> existing applications: >> >> o S/MIME - https://tools.ietf.org/html/rfc5751 >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5751&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=bYpzIhi5-8x2q89JJ0lMiZvrqm8pZPt6-bL1-05NBbY&e=> >> o OpenPGP - https://tools.ietf.org/html/rfc4880 >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4880&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=yElQKvJ5NvqXsxDr_LIrIdPIvlPWNtLHZZ-_E9rxKTE&e=> >> o Off the Record - https://otr.cypherpunks...ca/Protocol-v3-4.1.1.html >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__otr.cypherpunks.ca_Protocol-2Dv3-2D4.1.1.html&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=qGyXs2a-dgcAYhCd-GWdNKDY8YQtji3a7B0RvFWGQgM&e=> >> >> >> o Signal - https://signal.org/docs/ >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__signal.org_docs_&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=-l5BfMBSgi5ehwgyJ5eVIGspDR043ZEXiE54CybEAAU&e=> >> >> The intent of this working group is to follow the pattern of >> TLS 1.3, with specification, implementation, and verification >> proceeding in parallel. By the time we arrive at RFC, we >> hope to have several interoperable implementations as well >> >> as a thorough security analysis.. >> >> >> The specifications developed by this working group will be >> based on pre-standardization implementation and deployment >> >> experience, generalizing the design described in: >> >> o draft-omara-mls-architecture >> o draft-barnes-mls-protocol >> >> Note that consensus is required both for changes to the current >> protocol mechanisms and retention of current mechanisms. In >> particular, because something is in the initial document set does >> not imply that there is consensus around the feature or around >> how it is specified. >> >> Milestones: >> May 2018 - Initial working group documents for architecture and key >> management >> Sept 2018 - Initial working group document adopted for message protection >> Jan 2019 - Submit architecture document to IESG as Informational >> Jun 2019 - Submit key management protocol to IESG as Proposed Standard >> Sept 2019 - Submit message protection protocol to IESG as Proposed >> Standard >> >> Cheers, >> >> spt >> >> > On Apr 13, 2018, at 14:09, Sean Turner <sean@sn3rd.com> wrote: >> > >> > All, >> > >> > The charter tweaks made since the BOF include tweaking (and reordering) >> some of the “property” bullets: >> > - added message confidentiality >> > - message authentication changed to message integrity and authentication >> > >> > I know that Ben Schwartz mentioned that we should look at our “full >> compromise” definition, but in reviewing it the way it’s used in FS and PCS >> property bullets it looks okay to me. But, maybe Ben can elaborate a bit. >> > >> > Anyway at this point, here’s what we’re working with: >> > >> > >> > Messaging Layer Security (MLS) Charter (DRAFT) >> > >> > Several Internet applications have a need for group key establishment >> > and message protection protocols with the following properties: >> > >> > o Message Confidentiality - Messages can only be read >> > by members of the group >> > o Message Integrity and Authentication - Each message >> > has been sent by an authenticated sender, and has >> > not been tampered with >> > o Membership Authentication - Each participant can verify >> > the set of members in the group >> > o Asynchronicity - Keys can be established without any >> > two participants being online at the same time >> > o Forward secrecy - Full compromise of a node at a point >> > in time does not reveal past messages sent within the group >> > o Post-compromise security - Full compromise of a node at a >> > point in time does not reveal future messages sent within the group >> > o Scalability - Resource requirements that have good scaling in the >> > size of the group (preferably sub-linear) >> > >> > Several widely-deployed applications have developed their own >> > protocols to meet these needs. While these protocols are similar, >> > no two are close enough to interoperate. As a result, each application >> > vendor has had to maintain their own protocol stack and independently >> > build trust in the quality of the protocol. The primary goal of this >> > working group is to develop a standard messaging security protocol >> > so that applications can share code, and so that there can be shared >> > validation of the protocol (as there has been with TLS 1.3). >> > >> > It is not a goal of this group to enable interoperability / federation >> > between messaging applications beyond the key establishment, >> > authentication, and confidentiality services. Full interoperability >> > would require alignment at many different layers beyond security, >> > e.g., standard message transport and application semantics. The >> > focus of this work is to develop a messaging security layer that >> > different applications can adapt to their own needs. >> > >> > While authentication is a key goal of this working group, it is not >> > the objective of this working group to develop new authentication >> > technologies. Rather, the security protocol developed by this >> > group will provide a way to leverage existing authentication >> > technologies to associate identities with keys used in the protocol, >> > just as TLS does with X.509. >> > >> > In developing this protocol, we will draw on lessons learned from >> > several prior message-oriented security protocols, in addition to >> > the proprietary messaging security protocols deployed within >> > existing applications: >> > >> > o S/MIME - https://tools.ietf.org/html/rfc5751 >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5751&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=bYpzIhi5-8x2q89JJ0lMiZvrqm8pZPt6-bL1-05NBbY&e=> >> > o OpenPGP - https://tools.ietf.org/html/rfc4880 >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc4880&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=yElQKvJ5NvqXsxDr_LIrIdPIvlPWNtLHZZ-_E9rxKTE&e=> >> > o Off the Record - https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__otr.cypherpunks.ca_Protocol-2Dv3-2D4.1.1.html&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=qGyXs2a-dgcAYhCd-GWdNKDY8YQtji3a7B0RvFWGQgM&e=> >> > o Signal - https://signal.org/docs/ >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__signal.org_docs_&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=-l5BfMBSgi5ehwgyJ5eVIGspDR043ZEXiE54CybEAAU&e=> >> > >> > The intent of this working group is to follow the pattern of >> > TLS 1.3, with specification, implementation, and verification >> > proceeding in parallel. By the time we arrive at RFC, we >> > hope to have several interoperable implementations as well >> > as a thorough security analysis. >> > >> > The specifications developed by this working group will be >> > based on pre-standardization implementation and deployment >> > experience, and generalizing the design described in: >> > >> > o draft-omara-mls-architecture >> > o draft-barnes-mls-protocol >> > >> > Note that consensus is required both for changes to the current >> > protocol mechanisms and retention of current mechanisms. In >> > particular, because something is in the initial document set does >> > not imply that there is consensus around the feature or around >> > how it is specified. >> > >> > Milestones: >> > May 2018 - Initial working group documents for architecture and key >> management >> > Sept 2018 - Initial working group document adopted for message >> protection >> > Jan 2019 - Submit architecture document to IESG as Informational >> > Jun 2019 - Submit key management protocol to IESG as Proposed Standard >> > Sept 2019 - Submit message protection protocol to IESG as Proposed >> Standard >> > >> > Cheers, >> > >> > spt >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_mls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=rCkO6bjAuzkicAcC9xQwtwWMKhvoGkeNcRvXkyLozng&e=> >> >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_mls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=rCkO6bjAuzkicAcC9xQwtwWMKhvoGkeNcRvXkyLozng&e=> >> >> *_______________________________________________* >> MLS mailing list >> MLS@ietf.org >> >> https://www.ietf..org/mailman/listinfo/mls >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_mls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=rCkO6bjAuzkicAcC9xQwtwWMKhvoGkeNcRvXkyLozng&e=> >> >> _______________________________________________ >> MLS mailing list >> MLS@ietf.org >> https://www.ietf.org/mailman/listinfo/mls >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_mls&d=DwMFaQ&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=rCkO6bjAuzkicAcC9xQwtwWMKhvoGkeNcRvXkyLozng&e=> >> > _______________________________________________ > MLS mailing list > MLS@ietf.org > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_mls&d=DwICAg&c=5VD0RTtNlTh3ycd41b3MUw&r=M0CVEJydBVUX_bvEqMa84Q&m=vLw7yR8_BHETHOm3fcZejeAr3aBZpvg3HL8G5T-sm7U&s=rCkO6bjAuzkicAcC9xQwtwWMKhvoGkeNcRvXkyLozng&e= > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls >
- [MLS] Revised MLS charter Sean Turner
- Re: [MLS] Revised MLS charter Sean Turner
- Re: [MLS] Revised MLS charter Richard Barnes
- Re: [MLS] Revised MLS charter Dave Cridland
- Re: [MLS] Revised MLS charter Katriel Cohn-Gordon
- Re: [MLS] Revised MLS charter Cas Cremers
- Re: [MLS] Revised MLS charter Jon Millican
- Re: [MLS] Revised MLS charter Emad Omara
- Re: [MLS] Revised MLS charter Raphael Robert
- Re: [MLS] Revised MLS charter Paul Rösler