IETF Logo Mail Archive

Re: [MLS] recharter text

Rohan Mahy <rohan.mahy@wire.com> Mon, 13 November 2023 06:46 UTC

Return-Path: <rohan.mahy@wire.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ED07C151072 for <mls@ietfa.amsl.com>; Sun, 12 Nov 2023 22:46:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wire.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rnVml7BLcvIQ for <mls@ietfa.amsl.com>; Sun, 12 Nov 2023 22:45:57 -0800 (PST)
Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 894B8C15106C for <mls@ietf.org>; Sun, 12 Nov 2023 22:45:57 -0800 (PST)
Received: by mail-wr1-x430.google.com with SMTP id ffacd0b85a97d-32f737deedfso2443650f8f.3 for <mls@ietf.org>; Sun, 12 Nov 2023 22:45:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wire.com; s=google; t=1699857955; x=1700462755; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=jEiBvuiG744HhAJW8nSoH5jEbXlPzv6HX731vTOOjNc=; b=C9Nq9aHQYqx8KMneS8a2vCVS1iYIeGL3vlI9y0ob7ESqH3MTExFVNrvK0uo1CLuZSC aJAoPlU2Am51wUnVCFWNrRJUf+eUDMaifNRvofUE+/O5w/4VAx54MnoyTO9Fl7d4jDDy jUgHLCDPnXXaRYniXj1xbqCEdj6ntaFvoTM8fmb8A0nmlDlHMpkBQYblh/pAn97OACtv /V7p2c/R7jQc/Ozz8w7o3Fbnme0/mC01EVvMsCmhceYKTYuAz4ZrXpjBuu7LTe77fRW5 OaD+T08LivFs2S1MhOBwbHPbRxkAkUcEUAvHe4TI1Tylj9Wzw80lrZyVddhfewCLr3cy SE5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699857955; x=1700462755; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=jEiBvuiG744HhAJW8nSoH5jEbXlPzv6HX731vTOOjNc=; b=hwpr/yD4YFl2OlAPNh7g3Cf1j/AeZrHHU9Th31FS4UfYmJQnkI+j3QYX9Bqozz+RPV Ntwi1BPRdqBkVvvIm44wOBoF4X8rbWN1VTxpqcKIUTQS6drmUxKJ8IdvbR9IWZECQ4JU xDr3BET4Z4dtAfgARqDSiDLqcTKyA5a3FaliKZI/BfXnpYS3rMA+c1O6KRgBYEUPU3A8 q/PO+2uwaMMoJMwq14hsg1csoRtZNnrlEkfsY1ELbfjAvKIwFZQ+1BUZJeY/13h4/nYH tk5gCWlb1jb0R6+fsYVXE4Kc/rRGsbFxODsKgzccoHaLcM6Jdiq03RojwLJncdp7aAso /yzA==
X-Gm-Message-State: AOJu0YzK13T5QlsasiRRx3HM3lnGBvxOpdu1t/Rit3yIq9lFvjYNqhEL lzvC0wUo1aN8yTssH3jjd/C/JC/hnkDGJKVGF8LFPw==
X-Google-Smtp-Source: AGHT+IEjREvbfG/HQaAEHnTlzUkQZAxEiKVrAxfwJI+zKjG3EP+hUkOD4UVYGt+HxLCrOOB6MYsQ13UP0a6DUVyqaEQ=
X-Received: by 2002:a5d:5984:0:b0:32d:8c6d:cda4 with SMTP id n4-20020a5d5984000000b0032d8c6dcda4mr4732990wri.43.1699857954419; Sun, 12 Nov 2023 22:45:54 -0800 (PST)
MIME-Version: 1.0
References: <E7722644-F886-46AF-A262-D3404CBDC99B@sn3rd.com> <CACsn0cnXFs4R90F=7mvXsYggN=_QRJCvBVW+VF4EHd_8oEE8wg@mail.gmail.com> <3ee585b6-5144-d65b-75e0-5f78ab7cdb53@nohats.ca> <CAJTd26Keyirkwdm3wS4oDphiOjvuDjHUR65ryE2Vt4ApBvf1Kw@mail.gmail.com>
In-Reply-To: <CAJTd26Keyirkwdm3wS4oDphiOjvuDjHUR65ryE2Vt4ApBvf1Kw@mail.gmail.com>
From: Rohan Mahy <rohan.mahy@wire.com>
Date: Mon, 13 Nov 2023 07:45:43 +0100
Message-ID: <CACW8--P9PzkyKmN5-j71CA4vzhBq3qGTP2PJFsExbF3G3Z9Bnw@mail.gmail.com>
To: Brendan McMillion <brendanmcmillion@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, Watson Ladd <watsonbladd@gmail.com>, Sean Turner <sean@sn3rd.com>, MLS List <mls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008acbfb060a0305a5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/LrqwWvDxKP8t74bbguO1qGG_H8w>
Subject: Re: [MLS] recharter text
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Nov 2023 06:46:01 -0000

A couple of comments inline:

On Sun, Nov 12, 2023 at 11:17 PM Brendan McMillion <
brendanmcmillion@gmail.com> wrote:

> "Support for common operational patterns in messaging applications" -- On
> the other hand this seems too broad, in that arbitrary endless work could
> fit under this umbrella. The two drafts listed under this category are
> "Last resort KPs" and "KP context". I've been concerned about the utility
> of these drafts. They specify that new information be put inside of the
> KeyPackage and signed. But I don't believe there's much security value in
> having this information signed. The drafts also require application logic
> outside of the extension to work correctly, so using the extension is not
> any operationally simpler than a solution that's entirely application-level.
>

Are you calling my baby ugly?   ;-)

Brendan, I don't think you are considering the system implications of
claiming KeyPackages. In many systems, the client that generates the
KeyPackages is offline when they are claimed. How would the requester of a
KeyPackage get an appropriate KeyPackage from the target's provider, and
how would the target's provider know which KeyPackage to provide unless we
specify the necessary fields? Sure, if the target is always online you can
do this at the application level, but the target is not always online.


> I'd also like to see a call-out to work on support for the "user trees"
> idea that was mentioned during the meeting.
>

While I am super excited about this, we don't even have an internet draft
yet. Maybe we could finish some of the work that is close to publication,
and then add this? I like the idea of doing a lite recharter every 6
months, and I think this would be consistent with that approach.

Thanks,
-rohan

v2.23.0 | Report a Bug | By Email