IETF Logo Mail Archive

Re: [MLS] Proposals for handling concurrent messages

Matthew Hodgson <matthew@matrix.org> Fri, 22 March 2019 23:17 UTC

Return-Path: <matthew@matrix.org>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45C8812705F for <mls@ietfa.amsl.com>; Fri, 22 Mar 2019 16:17:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=matrix.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5lAirJkp8aFx for <mls@ietfa.amsl.com>; Fri, 22 Mar 2019 16:17:43 -0700 (PDT)
Received: from hermes.matrix.org (hermes.matrix.org [83.136.254.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2511124BAA for <mls@ietf.org>; Fri, 22 Mar 2019 16:17:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=matrix.org; s=hermes; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=M53eTa+OVCThvgHSIQbKVviN3RX63EHZ3kUTNiofTQY=; b=tEWGLixyNAVm/G8jMsPMWIpNk7YAdtgGYtgjxAFcAKozm27pJNldX0lByfZNUZkY7tX8U0QTF7dRRZrDYai5hYlbP9wvbOpZBEKnu1z+Yz0Dgr1+3rulaEPy7mvWGAj3P/Maor8Ts47V7ZK0rfdtqf48nzCuqP+v1ir/Kn4YvR3NBQLeOKzvFFzRujx0hJDbBTHrUmTaX7TVhz04i0p+QjZCIKynEbPdT4MVubTrZveTqeZsBLIF1q6uVjWI9swctgGN/e90RxvqjrVBJEF3VIBU4FH7LRXhtifIjGPX7oLgjumJLe/uix6UemTRvs2731KRwzcZdf9PKgD7qzBmhw==;
Received: from cpc87909-haye27-2-0-cust43.17-4.cable.virginm.net ([92.234.32.44] helo=[192.168.0.75]) by hermes.matrix.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <matthew@matrix.org>) id 1h7TPx-0005UW-PT; Fri, 22 Mar 2019 23:17:41 +0000
Content-Type: multipart/alternative; boundary="Apple-Mail-1D28557E-089D-4D3D-A00B-7EBB6343B55B"
Mime-Version: 1.0 (1.0)
From: Matthew Hodgson <matthew@matrix.org>
X-Mailer: iPhone Mail (16D57)
In-Reply-To: <CAL02cgQ-2gR9VK=_LthYO7fSGnDoaYei6dhuFjjdZQ7-aMSBaA@mail.gmail.com>
Date: Fri, 22 Mar 2019 23:17:34 +0000
Cc: "M.A.L. Weidner" <malw2@cam.ac.uk>, "mls@ietf.org" <mls@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <252D1744-22C1-49DE-84A2-12EDF0419663@matrix.org>
References: <CADSARUtSRJGW=z=9Spi=D87mOG34NCTswEcQMeeftv9x6gathQ@mail.gmail.com> <CAL02cgQ-2gR9VK=_LthYO7fSGnDoaYei6dhuFjjdZQ7-aMSBaA@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/RQZrRyAET5jy3OLmXxIfeu8qTtQ>
Subject: Re: [MLS] Proposals for handling concurrent messages
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Mar 2019 23:17:46 -0000

> On 20 Mar 2019, at 15:23, Richard Barnes <rlb@ipv.sx> wrote:
> 
> I would be interested to hear folks' thoughts on whether the benefits of reduced synchronization would be worth the costs of limiting DH group selection (either old ECDH or new stuff without a lot of implementation).

On the Matrix side we are still very much hoping that MLS will somehow support reduced synchronisation, as otherwise the sequencing of membership changes acts as a very undesirable centralising force when communicating in otherwise decentralised groups. The below approach seems quite promising and from our perspective could merit picking curves which support it.

Matthew

>> On Tue, Mar 19, 2019 at 6:33 PM M.A.L. Weidner <malw2@cam.ac.uk> wrote:
>> Dear MLS Working Group,
>> 
>> I've attached a document that details some proposals for how to better handle concurrent messages; see mainly Section 2.
>> 
>> The basic idea is to use some operator * which "combines" key pairs.  E.g., for Diffie-Hellman keys, (x, g^x) * (y, g^y) = (x + y (mod |g|), g^x g^y).
>> 
>> With this operator, we can combine concurrent updates.  E.g., if a updates with x and b updates with y, then the tree changes by: (embedded image)
>> <causal_fig2.png>
>> With some extra effort, I believe we can even support concurrent Adds (Section 3.3).
>> 
>> My apologies if there are mistakes or if this has been discussed before.
>> 
>> Best,
>> Matthew Weidner
>> MPhil Student
>> Computer Laboratory, Cambridge
>> _______________________________________________
>> MLS mailing list
>> MLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/mls
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls

v2.23.0 | Report a Bug | By Email