Re: [MLS] Functional Definition of End-to-End Secure Messaging

Raphael Robert <ietf@raphaelrobert.com> Fri, 07 May 2021 08:40 UTC

Return-Path: <ietf@raphaelrobert.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFAFB3A11E8 for <mls@ietfa.amsl.com>; Fri, 7 May 2021 01:40:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=raphaelrobert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IZJnvGVrbJ9h for <mls@ietfa.amsl.com>; Fri, 7 May 2021 01:40:38 -0700 (PDT)
Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B4FE3A11D0 for <mls@ietf.org>; Fri, 7 May 2021 01:40:38 -0700 (PDT)
Received: by mail-ej1-x634.google.com with SMTP id s20so6874975ejr.9 for <mls@ietf.org>; Fri, 07 May 2021 01:40:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raphaelrobert.com; s=rr; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=lzKNFDRxjlTNuncS7QnAfxBigzcwHa4GjNDhUVsaE1A=; b=tJKkIQn9fuHcyGmHYfZ1Foh1iLLxGARnGaCZZGkZ+7mKrQdqaSQUPPR5xPsoYR0GJw EAsAIA9UNM928H3glWGVTxFRyTTG7mMZXIKb8noAgWa6ZL9GkXkfKX26X4pQWZ4EcKHg 3YUpxffNmcAV9N7N598N8oetc8BNNGeMlj+Ns=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=lzKNFDRxjlTNuncS7QnAfxBigzcwHa4GjNDhUVsaE1A=; b=hGKfL2plsoH+cjmPFKEilVJ8ZNkviroxQ1/FZeKrs+0IP+oRJDB+0hQLgDpwBItJHQ sWXJoJ+E5zTPVstinFhsjTlYES9nbaIvBjwGSD3pryN3JNZOZXCk84hXIi3urcppnxHn 48CoyT1n45bn8FyA5TD/Kw6OiOO48PUK+dlI9mB5K38zCyi1FpZHA/hIPkjNxDv7Inp4 B0DoRKaxUZpxzMuk8ShB5iOq/io7ldx7jW/+0WmX/6RQS1tI+SitYML2CfvkIm+cjLdz 6nrEM15Ij7aJ/v1g/1inbj2hbjWwbv6JyvQ+gg8HAem4wrZEkEjbPLXCr/8OwyDQZ6S1 rqAg==
X-Gm-Message-State: AOAM532jUkrX64c56OP+tKiYV0UCBHoKVsCV+TYmMApBfS9zodpfRwhl KZrfIFBtxrK2HGEKlZkzW/lBb4kDizTKwtOW9QU=
X-Google-Smtp-Source: ABdhPJyjfs+TNDvfpfJzbzLid9Z8pegIMzKba3ttDqnZmpEvqw7i4wfwn0fHbeWNJNl17Vt52mvBlQ==
X-Received: by 2002:a17:906:55cc:: with SMTP id z12mr2152952ejp.318.1620376835597; Fri, 07 May 2021 01:40:35 -0700 (PDT)
Received: from smtpclient.apple ([37.49.18.137]) by smtp.gmail.com with ESMTPSA id lr15sm3039941ejb.107.2021.05.07.01.40.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 07 May 2021 01:40:35 -0700 (PDT)
From: Raphael Robert <ietf@raphaelrobert.com>
Message-Id: <B0A56CC0-7C7C-4343-886A-020D4CCD7BCD@raphaelrobert.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_49ABECEA-4474-4690-8C12-9153CCC47188"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.43\))
Date: Fri, 7 May 2021 10:40:34 +0200
In-Reply-To: <CAFWeb9LwdSecpQdM1zvTAht+DvnYf3NCD4tcte1ZcH-pjHFRnA@mail.gmail.com>
Cc: Alec Muffett <alec.muffett@gmail.com>
To: Messaging Layer Security WG <mls@ietf.org>
References: <CAFWeb9LwdSecpQdM1zvTAht+DvnYf3NCD4tcte1ZcH-pjHFRnA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.80.0.2.43)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/OQnteEFCSmyYQhZwTZExpJNfkdY>
Subject: Re: [MLS] Functional Definition of End-to-End Secure Messaging
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2021 08:40:53 -0000

Thanks for sharing!

You mention the prior art by Knodel et al. at the end and I’m wondering if it wouldn’t be a better starting point for discussion? Especially since it has the advantage of building upon notions that are well-defined and established in the industry.

I’m also still struggling with your definition of a “backdoor” in 4.4:

'A "backdoor" is any intentional or unintentional mechanism, in
respect of a given message and that message's set of participants,
where some PCASM of that message MAY become available to a non-
participant without the intentional action of a participant.’

You previously mentioned that intent is hard to measure and I agree with that. But I’m quite convinced a design or implementation flaw shouldn’t be called a “backdoor” until there is sufficient proof of intent. If you call it a “backdoor” right from the beginning, most people will assume that intent was there. This would be very discouraging for everyone who contributes to E2EE protocols, because it introduces the risk of being stigmatised as someone with (criminal) intent just because an honest mistake was made. Long story short, I strongly reject that notion of a “backdoor” for being intimidating.

That being said, discussion around these topics is a good thing and I’m curious to hear other people’s thoughts!

Raphael

> On 6. May 2021, at 19:56, Alec Muffett <alec.muffett@gmail.com> wrote:
> 
> Hi All,
> 
> I am drafting an I-D to offer a measurable definition of End-to-End Secure Messaging, including End-to-End Encrypted Messaging.
> 
> It's basically a "Duck Test" for End-to-End Secure Messengers: "Does <this software> quack like an E2EE-Secure Messenger, should?"
> 
> I believe that such a definition is a long-overdue necessity for settling arguments such as "Would adding a Ghost participant *really* break End-to-End Security" (answer: "yes").
> 
> I think that the MLS group might be a good workgroup for such a document. 
> 
> What do you think, please?
> 
> Current draft text:
> https://github.com/alecmuffett/draft-muffett-end-to-end-secure-messaging/blob/main/text/draft-muffett-end-to-end-secure-messaging.txt <https://github.com/alecmuffett/draft-muffett-end-to-end-secure-messaging/blob/main/text/draft-muffett-end-to-end-secure-messaging.txt>
> 
> As HTML:
> https://htmlpreview.github.io/?https://github.com/alecmuffett/draft-muffett-end-to-end-secure-messaging/blob/main/text/draft-muffett-end-to-end-secure-messaging.html <https://htmlpreview.github.io/?https://github.com/alecmuffett/draft-muffett-end-to-end-secure-messaging/blob/main/text/draft-muffett-end-to-end-secure-messaging.html>
> 
>     - Alec
> 
> --
> https://alecmuffett.com/about <https://alecmuffett.com/about>_______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls