Re: [MLS] Deniability as external to the MLS protocol

Sofía Celi <cherenkov@riseup.net> Fri, 13 November 2020 15:02 UTC

Return-Path: <cherenkov@riseup.net>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 893533A0D7B for <mls@ietfa.amsl.com>; Fri, 13 Nov 2020 07:02:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2gKp4r12THcT for <mls@ietfa.amsl.com>; Fri, 13 Nov 2020 07:02:09 -0800 (PST)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44E383A0D75 for <mls@ietf.org>; Fri, 13 Nov 2020 07:02:09 -0800 (PST)
Received: from capuchin.riseup.net (capuchin-pn.riseup.net [10.0.1.176]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4CXhWn49ZWzFmZp for <mls@ietf.org>; Fri, 13 Nov 2020 07:01:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1605279717; bh=0GIAKkPANZfhMnxUngVFRC825s8tUt6wkqDxiVZ0QYw=; h=To:References:From:Subject:Date:In-Reply-To:From; b=Igo9XWzVSy1WutUQ/sq94tMWfOMd5ixmXVfATigL5nuO7tBHf4kXCqGmsl05SD07t nFuJvJsJIwi0Pwyks8VMvCbP3WECKLK+tm42h0gQ8xnwgzaeROCUOyXL5S9/F9hOhq 93+SRqH+dqkuNUvCV2JVLvgrosQUbQOYw7cjUPtA=
X-Riseup-User-ID: 2DDA9DB24B96720AC64D0C03D19DD87DA51ECD4544C7348EC19BE6B24106DEF0
Received: from [127.0.0.1] (localhost [127.0.0.1]) by capuchin.riseup.net (Postfix) with ESMTPSA id 4CXhWh0Trcz8tn9 for <mls@ietf.org>; Fri, 13 Nov 2020 07:01:40 -0800 (PST)
To: mls@ietf.org
References: <CAL02cgTUQLwfOAhxT94AURD6Dog_1H9=bvC6c3Nox1Q8g7Nb7g@mail.gmail.com> <CAJoqpTKC-Wi4BoZG8NaYH6ixq90kk151m-Ex1qTO2H-dP0Qtuw@mail.gmail.com> <96652990-A5DD-4D5C-8B79-73656A0C10C7@wire.com>
From: =?UTF-8?Q?Sof=c3=ada_Celi?= <cherenkov@riseup.net>
Message-ID: <a71d2649-52f4-430f-d3c6-4ca0b10678a2@riseup.net>
Date: Fri, 13 Nov 2020 15:01:38 +0000
MIME-Version: 1.0
In-Reply-To: <96652990-A5DD-4D5C-8B79-73656A0C10C7@wire.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/FitDfKtiyB6VIq7QTmJdIxDUh-0>
Subject: Re: [MLS] Deniability as external to the MLS protocol
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Nov 2020 15:02:11 -0000

Dear all,

As you know, we had many discussions on deniability and solving this
problem is not an easy task, as evidence of this thread. To make sure we
can work on this optional feature in the future, without modifying the
core protocol, we believe that there are no changes needed to be added
to the core protocol. Some minor relaxing of the phrasing in the
document might be useful, though, and might help for future features as
well, so I have submitted PR #437
(https://github.com/mlswg/mls-protocol/pull/437). This rephrasing should
allow deniability of application messages by allowing the usage of
deniable signature keys. Please, let us know of any comments regarding it.

Thank you,


-- 
Sofía Celi
@claucece
http://claucece.github.io/
Cryptographic research and implementation at many places, but mainly at
Cloudflare
FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02