IETF Logo Mail Archive

Re: [MLS] recharter text

Brendan McMillion <brendanmcmillion@gmail.com> Mon, 13 November 2023 20:04 UTC

Return-Path: <brendanmcmillion@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98CABC151522 for <mls@ietfa.amsl.com>; Mon, 13 Nov 2023 12:04:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sU_qoNlCwAgv for <mls@ietfa.amsl.com>; Mon, 13 Nov 2023 12:04:05 -0800 (PST)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15138C15109C for <mls@ietf.org>; Mon, 13 Nov 2023 12:04:05 -0800 (PST)
Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-53dd3f169d8so7251719a12.3 for <mls@ietf.org>; Mon, 13 Nov 2023 12:04:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699905843; x=1700510643; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=l61zIiGqThw2hn0WNotp4+Af5jiskourBE3pr2sIoNU=; b=a6tSL9t7ZzV0dYfLSGhsI82itK6PD8qmFTq86Sn7iR/DTJNk8m5YoQZYUQBIF6ouKt pT0BB7INcPLe+Zv461Zj+LQZlpvp1JV7xLBMQW3CfxSWlolUXlN2ReW5KhtpVL6xTjLy 6DlZWBgnbWjk2FQSmgsvquCSKv7FnRraxTmv72jX3wso3dO1b7i/25gg4oP/xXETESa4 Rj0NJ6vMdaMHFiUZfmX//iKqiShSq/awyIbHGCXIEfltRPl1bPWc7C54Jjb6VP7KG5+r i5SQ5lEDPLPxMGyQIZ0Xevp0wsgjOJ6b1gs8ioqLprSKTUE29WgDUrZennFj9GUB0G8E kKzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699905843; x=1700510643; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=l61zIiGqThw2hn0WNotp4+Af5jiskourBE3pr2sIoNU=; b=orK6ZslJK66KusJPsI6NJr1turJev97V3XGq9Eulv0MoK4gNAWY2nJTE2tkKeG5nMK wahFUxWoUrebgGvZGr9CFwI8G7iaUTdUqnFIKYK0x4qe8Q4hrZjajCpMUENS0C0MrUBy 9G2C+HYaYPWd2ghqkmsm3kH3TqZWZ6ec1xaBO2kwN5gAp13fHq1wSelg1SZUSa/G8IjF jJ5/EIFyeOw/lNGklT8J4DE2GO9OtEPscwVFqxf5LgMR++/L+ISeitVxjba2WETUQRx6 /zlGVj+4szIwV7JSCKGdBVK0FBg3MhoCHwRk8mO0+1ib/CqOCRjNGiVD3o+5a+Uqf3up Iisw==
X-Gm-Message-State: AOJu0Yz+AFIMFqlRml9iV5iBUXSTdpuQRojvuwM7QGxOsRv/X4nX1Q7t ttcgMsqgl+tUki+A2trRrNm4vLOfKCtRSE4R2Bc=
X-Google-Smtp-Source: AGHT+IG2Lt3SgbLjV1Za/UJW3FUMvKLqV42wb36fRoQHBdm46Ypa6deZ+IygDnios1JGRW1taracRJSDvLI3un719UQ=
X-Received: by 2002:a05:6402:5193:b0:543:5789:4d6c with SMTP id q19-20020a056402519300b0054357894d6cmr7158087edd.2.1699905842746; Mon, 13 Nov 2023 12:04:02 -0800 (PST)
MIME-Version: 1.0
References: <E7722644-F886-46AF-A262-D3404CBDC99B@sn3rd.com> <CACsn0cnXFs4R90F=7mvXsYggN=_QRJCvBVW+VF4EHd_8oEE8wg@mail.gmail.com> <3ee585b6-5144-d65b-75e0-5f78ab7cdb53@nohats.ca> <CAJTd26Keyirkwdm3wS4oDphiOjvuDjHUR65ryE2Vt4ApBvf1Kw@mail.gmail.com> <CACW8--P9PzkyKmN5-j71CA4vzhBq3qGTP2PJFsExbF3G3Z9Bnw@mail.gmail.com>
In-Reply-To: <CACW8--P9PzkyKmN5-j71CA4vzhBq3qGTP2PJFsExbF3G3Z9Bnw@mail.gmail.com>
From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Mon, 13 Nov 2023 12:03:51 -0800
Message-ID: <CAJTd26L9Qpds-SwLu+UqN3vrwWp31we=8Z=D9zRkkwqWR3iq5A@mail.gmail.com>
To: Rohan Mahy <rohan.mahy@wire.com>
Cc: Paul Wouters <paul@nohats.ca>, Watson Ladd <watsonbladd@gmail.com>, Sean Turner <sean@sn3rd.com>, MLS List <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e8988b060a0e2b79"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/HFpNKXNEtm9OdNmyR9COX1TTdS4>
Subject: Re: [MLS] recharter text
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2023 20:04:05 -0000

On Sun, Nov 12, 2023 at 10:45 PM Rohan Mahy <rohan.mahy@wire.com> wrote:

>
> A couple of comments inline:
>
> On Sun, Nov 12, 2023 at 11:17 PM Brendan McMillion <
> brendanmcmillion@gmail.com> wrote:
>
>> "Support for common operational patterns in messaging applications" -- On
>> the other hand this seems too broad, in that arbitrary endless work could
>> fit under this umbrella. The two drafts listed under this category are
>> "Last resort KPs" and "KP context". I've been concerned about the utility
>> of these drafts. They specify that new information be put inside of the
>> KeyPackage and signed. But I don't believe there's much security value in
>> having this information signed. The drafts also require application logic
>> outside of the extension to work correctly, so using the extension is not
>> any operationally simpler than a solution that's entirely application-level.
>>
>
> Are you calling my baby ugly?   ;-)
>
> Brendan, I don't think you are considering the system implications of
> claiming KeyPackages. In many systems, the client that generates the
> KeyPackages is offline when they are claimed. How would the requester of a
> KeyPackage get an appropriate KeyPackage from the target's provider, and
> how would the target's provider know which KeyPackage to provide unless we
> specify the necessary fields? Sure, if the target is always online you can
> do this at the application level, but the target is not always online.
>

Not ugly! Just expressing concerns about the baby's utility.

I don't see why the target would need to be online? The procedures for
uploading and downloading KeyPackages are 100% application-specific, so
clients can communicate whatever usage constraints they want as part of the
upload process, and the DS can enforce those constraints however it pleases
as part of the download process. If I communicate to my DS that a KP should
only be given to certain people, the DS can enforce that while I'm offline.

Another point is that I need to be sure that the DS understands and
supports whatever constraints I'm requesting. A KP extension doesn't give
me that confidence because the DS and other clients are supposed to ignore
unknown KP extensions. Ignoring a KP extension with usage constraints
results in messages being unreadable when those constraints are not
enforced.


> I'd also like to see a call-out to work on support for the "user trees"
>> idea that was mentioned during the meeting.
>>
>
> While I am super excited about this, we don't even have an internet draft
> yet. Maybe we could finish some of the work that is close to publication,
> and then add this? I like the idea of doing a lite recharter every 6
> months, and I think this would be consistent with that approach.
>

I am also very excited about this


> Thanks,
> -rohan
>

v2.23.0 | Report a Bug | By Email