Re: [MLS] Group ID

Richard Barnes <rlb@ipv.sx> Wed, 05 June 2019 20:29 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B0FA120159 for <mls@ietfa.amsl.com>; Wed, 5 Jun 2019 13:29:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xqBjU3x_Nvl for <mls@ietfa.amsl.com>; Wed, 5 Jun 2019 13:29:22 -0700 (PDT)
Received: from mail-oi1-x229.google.com (mail-oi1-x229.google.com [IPv6:2607:f8b0:4864:20::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10D48120019 for <mls@ietf.org>; Wed, 5 Jun 2019 13:29:22 -0700 (PDT)
Received: by mail-oi1-x229.google.com with SMTP id v186so4897300oie.5 for <mls@ietf.org>; Wed, 05 Jun 2019 13:29:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bZCrV1poJp7wz+QPXsgHv/loNOnZ+VCyJKJoomkIzzc=; b=nmRJ5lF0iNwwFPtWPeei+Bed1ytSC8o/0e0cRcgzB1WIHXfc7iqjp7pIB73Elb/Nqm oYyFArAPQEMMssDeW3/qOL9cd2PL746zKpztJp7aHgxl7XGWQZI2UWqrI2ZgmuGTdjUL yDOnb8Zvt3Vz/D8iFFU9kkSFIuCUhBJQzgtVStaBgUWpqr2cOeMCuxbG8hF+3KrVq3M7 jIQ6Ufw7V9BOkOkJlIsjTHqTP1w4Cs4IGQNQoHBrkI5p/UnxicXHIIVHc/0E2xLaVe6+ NuUeLFKjPTKikliGEqNTSmCwANkELfMotlkbj+bSj6LIGjHlwCG3jEEqsCaAFn52ubaR 0qJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bZCrV1poJp7wz+QPXsgHv/loNOnZ+VCyJKJoomkIzzc=; b=MumLrMU/djEmuqr9znbIGQYlL4Y1qhuxyQJ4V9YHMhDTpjLcd9D8zqO8KBtWfHfVhg lyIA06UstQPy7hJpaW0rUPCnogx5wtrmCkr+V9iKQ53te36AlS/9P3/zQQDndxk/dR+W XJ2BchPd9vul8vqlsmouzx1KWHw/pJsebTXAPD0f4GPF5b/3yEwy/0yMlj7UC++UFTny JT7K2E4bBnx+cnh50qaI51jXej8FHF1OLbsUXjXOS1dXCGX8XIAsKKIn/vtLZPQgJ0ro NR6TxPVtaMlKPZpN9D3L9CeIqzcnFK3RG3dvoASPRw2cVE2citgbAlg3iM+Mn4mv/hJC bZFQ==
X-Gm-Message-State: APjAAAV9W5+YdI8qSzZ0g1LIsbtHZkYjaDDHJbDwZT0TPuCOrM7WkrC+ l3GXzL/paN1A6CEAY8rcKLbnZnbEWetJR1UDaRm/WA==
X-Google-Smtp-Source: APXvYqyoeCgWUH7xkyQ8Hrsr/mjDbFyAvCVgTsMb+rFdxAdGCAhNtZbpgpoU2VwzTP1tT0pSKDIvXTFAV74RXh652/E=
X-Received: by 2002:aca:de44:: with SMTP id v65mr9243394oig.135.1559766561100; Wed, 05 Jun 2019 13:29:21 -0700 (PDT)
MIME-Version: 1.0
References: <CAMCcN7TnnzLrUxbwvKEdB10Q2XBn=rJKVDg_mfcY8ZfCbj=22Q@mail.gmail.com> <7A857F01-3494-4F57-BCC0-C5DE3DBB96E3@wire.com>
In-Reply-To: <7A857F01-3494-4F57-BCC0-C5DE3DBB96E3@wire.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 05 Jun 2019 13:29:00 -0700
Message-ID: <CAL02cgTRdXJrtMhn_H6TXscFm=XjwHfu-SzhqZ7E=mLhPmxaKA@mail.gmail.com>
To: Raphael Robert <raphael=40wire.com@dmarc.ietf.org>
Cc: Messaging Layer Security WG <mls@ietf.org>, Marek Jankowski <mjankowski309@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ceab2c058a997358"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/L8CdH6eBlms9Q_4ycfbG9HBJ1bo>
Subject: Re: [MLS] Group ID
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jun 2019 20:29:24 -0000

Like Raphael, I'm not concerned about the ordering requirement, since we
already have an ordering requirement.  Note, however, that whatever
identifier is used here will probably have to be stable within an epoch, so
the DS will still be able to see traffic volumes within an epoch.  The DS
may also be able to use time correlations to infer which opaque groupID
values represent the same group.

That still seems like it makes it harder for the DS to be malicious, so it
seems worthwhile to me.  Benjamin Beurdouche had raised a similar idea
earlier, of replacing the (groupID, epoch) pair with a single ID that is
opaque to the DS.  I'm increasingly thinking that that's probably the way
to go.  Marek / Benjamin, if you'd like to update PR#152 to do this, that
could help move this along.


I wonder if we still want some constant group ID value, even if it's known
only to group members.  No concrete


On Wed, Jun 5, 2019 at 1:00 AM Raphael Robert <raphael=
40wire.com@dmarc.ietf.org> wrote:

> Hi Marek,
>
> > I am aware it does not support reordering, But I'm sure one can figure
> an alternative that does.
>
> We looked into doing exactly that. Server-side ordering is unfortunately a
> hard requirement for TreeKEM, so this is an open issue. We’d be happy to
> hear about a proposal that covers both problems!
>
> Raphael
>
> > On 11 Jun 2019, at 16:33, Marek Jankowski <mjankowski309@gmail.com>
> wrote:
> >
> > Hi,
> > Regarding some issues that were raised in the last couple of months, I
> wonder if we should hide the group ID from the DS. I think the group ID is
> valuable metadata -- the DS may keep track of it and by that identify
> sudden changes in the traffic, which may leak information.
> > Please consider the following alternatives:
> > group_id[n] = HKDF-Expand-Label(confirmation_key[n-1],group_id[n-1],
> "group_id", 4)
> > I am aware it does not support reordering, But I'm sure one can figure
> an alternative that does.
> >
> > Marek.
> > _______________________________________________
> > MLS mailing list
> > MLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/mls
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls
>