Re: [MLS] Functional Definition of End-to-End Secure Messaging

[Sofía Celi <cherenkov@riseup.net>]

Dear, Raphael,

Thank you so much you all for this very interesting thread.

> Regarding the definition of an “end”, draft-knodel-e2ee-definition-01
> has section 2.1, 4.3 & 4.5. Your draft has section 4.1 & 5. In my mind
> both drafts could be a bit more assertive here. I like that you
> introduce different types of participants. I think that point is
> particularly important, because if the participants are not just “humans
> with a messenger app”, it begs the question who has control over the
> messages that were received by that participant. Other humans who are
> not part of the “conversation”? Future participants of the
> “conversation”? A machine that will scan the message content and act on
> it? In the end this defines what “confidentiality” really means, besides
> the academic definition.

These are really interesting points. I see four points:

* Future or past recipients of a conversation: it could be that a
conversation is read prior to the intended recipient, or after the
intended recipient. This is somewhat not cover in every day
applications, as someone else can get access to a device and read the
messages intended for a recipient. In those terms, I think this is
described as 'secure' for the network (and the intended recipient is the
device, then); but if a device is compromised, then the contents could
be potentially read by someone else. A point to include here then is the
idea of 'disappearing messages', as a property for trying to avoid this.
But if a message is read and disappeared prior to the actual "recipient"
reading it, then the purpose is also lost. It could also be that someone
asks you to show the contents of a conversation, as it has happened to
many while crossing borders or an abusers that controls the devices in a
case of domestic violence.
* Messages read by something that is not a "human": this could be a bot
that is part of a conversation (but should it be?, if so, it should be
disclosed to the sender-s-, and potentially properly "authenticated") or
malware in the device itself.
* Messages read by a backdoor or vulnerability: I think that if an
application has a backdoor (with the whole purpose of having it there to
read the contents) then it is not end-to-end encrypted. If someone or
something is added to the conversation, then it should be authenticated
and disclosed.
* Multiple devices: this could be better explained by stating that the
intended recipients could be multiple devices (these all have to be
authenticated to the conversation).

I really like all of these points (for taking them into account).
@Mallory, I can add some ideas around this to our draft and we can
discuss all further ;)

Thank you,

-- 
Sofía Celi
@claucece
http://claucece.github.io/
Cryptographic research and implementation at many places, but mainly at
Cloudflare
FAB9 3EDC 7CDD 1198 DCFD  4558 91BB 6B45 6F44 2D02