Re: [MLS] Functional Definition of End-to-End Secure Messaging
Sofía Celi <cherenkov@riseup.net> Sun, 09 May 2021 23:41 UTC
Return-Path: <cherenkov@riseup.net>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E703A24E2 for <mls@ietfa.amsl.com>; Sun, 9 May 2021 16:41:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=riseup.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dXwGri4bLUN9 for <mls@ietfa.amsl.com>; Sun, 9 May 2021 16:41:34 -0700 (PDT)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB5B33A24DF for <mls@ietf.org>; Sun, 9 May 2021 16:41:33 -0700 (PDT)
Received: from fews2.riseup.net (fews2-pn.riseup.net [10.0.1.84]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4Fdggc56C5zDv3q for <mls@ietf.org>; Sun, 9 May 2021 16:41:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1620603692; bh=JzCPT/7SKTQ1JgAk20KtnaKSxLvLwKja95WoAQHVMoo=; h=To:References:From:Subject:Date:In-Reply-To:From; b=s4Dn/IL4mzktU0BOM+7RMNSi4cU9m0ibZ5IEz60ZXpvyfRxvZL/77h+fumd1R9yla b8RFRrUgwD4ZQLxhyZVINzi01iMPJSE/ofMkhWwCS3BBYXYlw1RyoqHRKAJVC2Z3wQ OzoX3yuiSwpIG/QbXpbiNKYUPTQaaCiYxztGliiw=
X-Riseup-User-ID: 5B7603CEFD6745DA0EDFAE78D23F7BC246ECEFC001B3F36600FDD7EA90637E1C
Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews2.riseup.net (Postfix) with ESMTPSA id 4Fdggc1QD2z1xph for <mls@ietf.org>; Sun, 9 May 2021 16:41:31 -0700 (PDT)
To: mls@ietf.org
References: <CAFWeb9LwdSecpQdM1zvTAht+DvnYf3NCD4tcte1ZcH-pjHFRnA@mail.gmail.com> <B0A56CC0-7C7C-4343-886A-020D4CCD7BCD@raphaelrobert.com> <CAFWeb9Kb4FwzkT0Bj7jhTxnW+i3qTQanu=JRc73=WDK+NR2Jmw@mail.gmail.com> <E418B2DA-D0E3-473A-A8A1-3248766A90DF@raphaelrobert.com> <CAFWeb9LgU+eC0FVndeY-6Kf=NNUf4Lmdhuy2nKXwyK9gDE8UHg@mail.gmail.com> <C64A0465-28E7-4FFE-834A-B1EB50343574@raphaelrobert.com>
From: Sofía Celi <cherenkov@riseup.net>
Message-ID: <937f9db9-d0e2-390e-0ef8-8dfa73e993b0@riseup.net>
Date: Mon, 10 May 2021 00:41:30 +0100
MIME-Version: 1.0
In-Reply-To: <C64A0465-28E7-4FFE-834A-B1EB50343574@raphaelrobert.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/PsWKLoiP9rreIyWB_oPJ0YBd7Fc>
Subject: Re: [MLS] Functional Definition of End-to-End Secure Messaging
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 May 2021 23:41:39 -0000
Dear, Raphael, Thank you so much you all for this very interesting thread. > Regarding the definition of an “end”, draft-knodel-e2ee-definition-01 > has section 2.1, 4.3 & 4.5. Your draft has section 4.1 & 5. In my mind > both drafts could be a bit more assertive here. I like that you > introduce different types of participants. I think that point is > particularly important, because if the participants are not just “humans > with a messenger app”, it begs the question who has control over the > messages that were received by that participant. Other humans who are > not part of the “conversation”? Future participants of the > “conversation”? A machine that will scan the message content and act on > it? In the end this defines what “confidentiality” really means, besides > the academic definition. These are really interesting points. I see four points: * Future or past recipients of a conversation: it could be that a conversation is read prior to the intended recipient, or after the intended recipient. This is somewhat not cover in every day applications, as someone else can get access to a device and read the messages intended for a recipient. In those terms, I think this is described as 'secure' for the network (and the intended recipient is the device, then); but if a device is compromised, then the contents could be potentially read by someone else. A point to include here then is the idea of 'disappearing messages', as a property for trying to avoid this. But if a message is read and disappeared prior to the actual "recipient" reading it, then the purpose is also lost. It could also be that someone asks you to show the contents of a conversation, as it has happened to many while crossing borders or an abusers that controls the devices in a case of domestic violence. * Messages read by something that is not a "human": this could be a bot that is part of a conversation (but should it be?, if so, it should be disclosed to the sender-s-, and potentially properly "authenticated") or malware in the device itself. * Messages read by a backdoor or vulnerability: I think that if an application has a backdoor (with the whole purpose of having it there to read the contents) then it is not end-to-end encrypted. If someone or something is added to the conversation, then it should be authenticated and disclosed. * Multiple devices: this could be better explained by stating that the intended recipients could be multiple devices (these all have to be authenticated to the conversation). I really like all of these points (for taking them into account). @Mallory, I can add some ideas around this to our draft and we can discuss all further ;) Thank you, -- Sofía Celi @claucece http://claucece.github.io/ Cryptographic research and implementation at many places, but mainly at Cloudflare FAB9 3EDC 7CDD 1198 DCFD 4558 91BB 6B45 6F44 2D02
- [MLS] Functional Definition of End-to-End Secure … Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Dave Cridland
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Sofía Celi
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] Functional Definition of End-to-End Sec… Mallory Knodel
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- [MLS] secure & end Re: Functional Definition of E… Mallory Knodel
- Re: [MLS] Functional Definition of End-to-End Sec… Raphael Robert
- Re: [MLS] Functional Definition of End-to-End Sec… Alec Muffett
- Re: [MLS] secure & end Re: Functional Definition … Alec Muffett