Re: [MLS] Deniability -> "recording"?

Dave Cridland <dave@cridland.net> Thu, 23 January 2020 14:30 UTC

Return-Path: <dave@cridland.net>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3245120801 for <mls@ietfa.amsl.com>; Thu, 23 Jan 2020 06:30:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZPRjznacqZJu for <mls@ietfa.amsl.com>; Thu, 23 Jan 2020 06:30:23 -0800 (PST)
Received: from mail-lf1-x12d.google.com (mail-lf1-x12d.google.com [IPv6:2a00:1450:4864:20::12d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 694CE120133 for <mls@ietf.org>; Thu, 23 Jan 2020 06:30:23 -0800 (PST)
Received: by mail-lf1-x12d.google.com with SMTP id z26so2412936lfg.13 for <mls@ietf.org>; Thu, 23 Jan 2020 06:30:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YTZuZoyVNtZ/RqoU8JBleYTipq3+8KqODW4JFMdC2dM=; b=ZM2aDinE5S1PfverChah5uuthXsjdAJRxU+nZtDA+a6zCPTdo4vx27p5NowFMfP8hr JHHysvRhd2BfsNo0VQRQOxrokWumKP7V1yoj6ykCA1Nihb6HCQIG1tWAb9eWL9C+bftl R0RW9vTtabpBKaGc5JmnTVuytYMSUVb855oXE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YTZuZoyVNtZ/RqoU8JBleYTipq3+8KqODW4JFMdC2dM=; b=fzQAN89V65U9CV7YHf31SMTlZz3xa1FCh1bIl+fW1qaO4e/ruC1AN1PxjyEkeij8Yq tpAKwGlS4F0Z8sFHCi1IjTKeHwP+2PofKzMOeyTVTwa7fHdC3qnTjbXpgIeDubq3IAC/ JYRpktSYPdLFUJdeSYQidyE/7eE2lkpSsQkt5eNSO4a1qrQ0DCgQzgGSCIL/oaOlEp4F kC4vmbc9VNcdzv4X3nKKW+VOOQ4I5Ynobtm/ZewP4jr5hm4ALuyUAxRF20K/mjN2zStk zkAVDQ3TpPBwnvYhyGFOYanZDHD1Rg5O9kptjPoFfo+TkUxNrOhwigye/q9ciAEAbwGL nz/w==
X-Gm-Message-State: APjAAAUXCl6Eu6XPK3BuoJYTBwl96gTw6DYzCQnm1nDovOdlebEjgQkH QHxjtM21HkBs3RO3UQtixV2uR/s+vAM1eCR9MI1G9w==
X-Google-Smtp-Source: APXvYqwNcYa9xod3s3yvCVwuY94CZylAfjlmZR5cEbuoptvwBNEIYYExlKc/T806cKlXI3BZ6vnwXBhTkvXfPQqnbXo=
X-Received: by 2002:ac2:5467:: with SMTP id e7mr4448166lfn.74.1579789821634; Thu, 23 Jan 2020 06:30:21 -0800 (PST)
MIME-Version: 1.0
References: <2060195243.218290.1579787145340.ref@mail.yahoo.com> <2060195243.218290.1579787145340@mail.yahoo.com> <eefe9673-37e0-d244-14c5-dd34e4256cf7@gmail.com>
In-Reply-To: <eefe9673-37e0-d244-14c5-dd34e4256cf7@gmail.com>
From: Dave Cridland <dave@cridland.net>
Date: Thu, 23 Jan 2020 14:30:10 +0000
Message-ID: <CAKHUCzzV1Rs+iVUYpXt7kjn+ockynCpw72Erwp3FE391Rt6VMQ@mail.gmail.com>
To: Cas Cremers <cas.cremers@gmail.com>
Cc: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>, "jon@callas.org" <jon@callas.org>, "raphael=40wire.com@dmarc.ietf.org" <raphael=40wire.com@dmarc.ietf.org>, "mls@ietf.org" <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000237e7c059ccf7bc8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/Pa4lStbSDjpTeqTkabBkpVcSI0E>
Subject: Re: [MLS] Deniability -> "recording"?
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 14:30:26 -0000

On Thu, 23 Jan 2020 at 13:59, Cas Cremers <cas.cremers@gmail.com> wrote:

> We're aiming for security first, I think.


If we mandate deniability and mandate PFS, then the risk is that the threat
model ends up less applicable.

We can work around the PFS by (in effect) using MLS as a groupwise key
exchange protocol and exporting a longer term key for message encryption,
but if we destroy cryptographic integrity post-facto, as I assume we mean
by deniability, then that makes life increasingly unpleasant for the cases
where people actually want different properties.

In short, preventing various groups making use of MLS is not security first.

Dave.