IETF Logo Mail Archive

Re: [MLS] Stupidest possible message protection

Watson Ladd <watsonbladd@gmail.com> Sun, 02 December 2018 22:31 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFF0F130DC7 for <mls@ietfa.amsl.com>; Sun, 2 Dec 2018 14:31:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ngbGBYAJmA81 for <mls@ietfa.amsl.com>; Sun, 2 Dec 2018 14:31:05 -0800 (PST)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E34C124D68 for <mls@ietf.org>; Sun, 2 Dec 2018 14:31:04 -0800 (PST)
Received: by mail-lj1-x22f.google.com with SMTP id u6-v6so9580692ljd.1 for <mls@ietf.org>; Sun, 02 Dec 2018 14:31:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=bxaICRJYAkdde0LbFwdBr2V9ryt3X32fjnZiyI6uS/s=; b=SLBiEWWBZFAkNUEN7iX3dE4W8gf3ypCXVXz0D2H2W4af6ezjR0p+NhRqUqGIm+H3w+ WrIisKbMQGiCKansuC1mqso2KcD7BQ7NnZs2lJRE33RzfHj1vNQiCkr0MBXDPoErX9R3 OnHpHDCOpoTRCWTUDp+KvKyoFzevODn7KVBlSuVaGLGoKRfGbqVBNmVtjq1zudVB43Rk AfjAFAXZfq1b3CvLtg1khXwxBdCU18UVQt3fGU+Q6t0U9h7j8pKvAJaUDbXBNmkZndV6 cJ8vebQx9B1DhG/ijmR9MJngIrsxD5bxfVW1zQsU3bSjBEXLCcp/38T1Mk5tYJHCNZKu 7kHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=bxaICRJYAkdde0LbFwdBr2V9ryt3X32fjnZiyI6uS/s=; b=r+3qNPv9xGEvLT2wwsMGACvheG6JDXXYdPa1BAHKZ9ardvJXnTmbxBnwfovoQ4xCsn E6qNkUS+og0cmOiq3Tnso5r6AqQ6B1TZtDcYa22VenHA37ZdnrEUiWtGl2f+qmnAPpa0 LrK5mQEAToR7Wx1ygmzlvWhCAys44NwjeEy4A/opgrhFi4jIAYnfaI4Z4tdEm/BJAYfn ozQO5/H4GuX4IYHrjNx2BJWx5aEENbJEdiscjVfBm7ooPq088L6m3YitAw85tYg+KeVI B7oPshvuFqTkvqY/yhj8l4OKjOCdkKINUYbYJ1/uI5ritymL6F//fXSFDoRifFXqbqRq qVOw==
X-Gm-Message-State: AA+aEWYJESa43/1zStyldWXUCF+KhtXCnJ179KC2dIV/43lvCpVyKQlY z7HcZxsGkKvYrkR4NeatoPABPM51ECsTkc54xNdt7A==
X-Google-Smtp-Source: AFSGD/W2yw5frgtQGZIKWpc6ulk5NR2BFvDX8N0p62kKkSxJhDL/qqr3JbbJ/NJHXcD4FS3FQfSDEGt0+bQhwQKTsCk=
X-Received: by 2002:a2e:9c52:: with SMTP id t18-v6mr7199875ljj.149.1543789862428; Sun, 02 Dec 2018 14:31:02 -0800 (PST)
MIME-Version: 1.0
References: <CAL02cgTjD==YgS848sBWEGrBBkNMAtbUXJuV6RrDmak_+Mu6fw@mail.gmail.com>
In-Reply-To: <CAL02cgTjD==YgS848sBWEGrBBkNMAtbUXJuV6RrDmak_+Mu6fw@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sun, 02 Dec 2018 14:30:50 -0800
Message-ID: <CACsn0ckND-uBNwcfQTZrY+7sZr6OWqkA1_z71Jb7PHYz7yh6dg@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: mls@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/RsC3vs_olXNux-g7LA2aWQcnIGg>
Subject: Re: [MLS] Stupidest possible message protection
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Dec 2018 22:31:07 -0000

On Sun, Dec 2, 2018 at 2:25 PM Richard Barnes <rlb@ipv.sx> wrote:
>
> Hey all,
>
> As we discussed in Bangkok, there are trade-offs between encrypting handshake messages and enabling the delivery service to assist with scaling.
>
> One way to try to split this baby would be to try to evaluate what information the server needs in order to provide its assistance, and leave that unencrypted.  This solution would of course require that we convince ourselves that the unencrypted bits are actually not sensitive, and would entail a fair bit of complexity in the encryption system.
>
> Another, simpler, approach we could take is to punt the decision to the application.  We would define in the document two options:
>
> 1. Send Handshake messages in the clear
> 2. Send Handshake messages encrypted as Application messages
>
> (And specify details like how you do Welcome+Add, how you disambiguate Handshake from other Application messages.)  But we would not specify which of those paths a given application would do.
>
> What do folks think about that idea?  Personally, I find it kind of appealing in its simplicity, though I acknowledge it adds another variable for interop testing / interop failure.  And if you want to make an MLS API, it's another switch to support.

Doesn't the server need to agree with the client how to do this? And
what about downgrade attacks?
>
> Cheers,
> --RIchard
>
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.

v2.35.0 | Report a Bug | By Email | System Status