Re: [MLS] Robert Wilton's Abstain on draft-ietf-mls-protocol-17: (with COMMENT)
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 02 February 2023 19:23 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1988EC1575DA; Thu, 2 Feb 2023 11:23:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.303
X-Spam-Level:
X-Spam-Status: No, score=-1.303 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="bmNgec3C"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="fJR50Edh"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FgGo6sWamSEl; Thu, 2 Feb 2023 11:23:50 -0800 (PST)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0CF8C1575C2; Thu, 2 Feb 2023 11:23:50 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1675365811; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=w7kNS52OxEJojolCeNb4RsmWmvK7DiWAEKJBdDPUTSg=; b=bmNgec3CMUWwJymGHbYMgGtXcvrEnNgBTWdJw75VQsQPWsAtbyZgEviPv4VX8ynS5Iy2x IuwtbPz5EBY4L03Aw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1675365811; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=w7kNS52OxEJojolCeNb4RsmWmvK7DiWAEKJBdDPUTSg=; b=fJR50EdhvCOTFI0LXpqdAUB5srh9PeThxTN68sjb1NS8VA8FlyHr/sB9CMmrSFoPtXV7M u7fGvS7DhqL0t9sY5VqSyfRTWyn6cDkUN2GZsP+GX2oKXucRJ4sA3XY3Aki/0kYb5oKR3UU Rm2LouUEySmznm8wgw1exF+6q3lg4psqFDqQKKSBmEfwv+hAp/LxW7xf2V+ALxiXb+z/ZNi E3677XqmuSR1EwzwzZkvVjh1e3phdkssrzrbdspvrFtapmK6JOCus1fl8VNeFJjPUw9EL61 DfRuU9foMposfMUhkyeN04W6udI6aRof9mFu3WfrJ/ETUVhm8W2rh8yrXxkQ==
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 2FA1DF9AD; Thu, 2 Feb 2023 14:23:30 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 71E2C2031D; Thu, 2 Feb 2023 14:23:26 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-mls-protocol@ietf.org, mls-chairs@ietf.org, mls@ietf.org, benjamin.beurdouche@ens.fr, karthikeyan.bhargavan@inria.fr, cas.cremers@cs.ox.ac.uk, alan@wire.com, singuva@twitter.com, kwonal@mit.edu, ekr@rtfm.com, tjvdmerwe@gmail.com, sean@sn3rd.com
In-Reply-To: <167534753793.58554.8179854964604512160@ietfa.amsl.com>
References: <167534753793.58554.8179854964604512160@ietfa.amsl.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Thu, 02 Feb 2023 14:23:25 -0500
Message-ID: <87edr7oor6.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/TUENCR3wRVkiOZ83wkr_Ba41RSs>
X-Mailman-Approved-At: Thu, 02 Feb 2023 17:50:23 -0800
Subject: Re: [MLS] Robert Wilton's Abstain on draft-ietf-mls-protocol-17: (with COMMENT)
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2023 19:23:55 -0000
On Thu 2023-02-02 06:18:57 -0800, Robert Wilton via Datatracker wrote:
> In the end I decided to ballot abstain because I'm unsure whether
> standardizing MLS in really the right thing to do for end users (which
> may just be my ignorance). I'm strongly supportive of efforts to make
> messaging platforms interoperate cleanly (e.g., I'm supportive of the
> MIMI WG being chartered) and I appreciate that MLS is likely to
> underpin some of that work, but I also question whether the IETF
> standardizing this will ultimately be beneficial for societies and
> humanity (and note - I'm not advocating for pervasive monitoring, but
> preventing any ability for judicially supported interceptions for
> criminal investigations concerns me). In the limited cases where IETF
> standardization and technology choices are could directly impact the
> effectiveness of law enforcement
This is a pretty disappointing perspective to hear brought into the
IETF. Does this mean that you're comparably dubious about the work done
in TLS, QUIC, OpenPGP, LAMPS, MASQUE, TEEP, OHAI, etc? Those
cryptographic and operational frameworks could also "directly impact the
effectiveness of law enforcement."
> or conflict with democratically elected government policies then I
> think that it would be great if the IETF was able to receive and
> consider a wider range of views in the consensus process to ensure
> that we really are making the right choices.
Democratically elected governments (like all governments) can come up
with arbitrarily strange policies. Indeed, two different democratically
elected governments could come up with two different and mutually
incompatible policies, such that it's not possible to avoid being in
conflict with at least one of them. (i'll set aside the question of
which governments qualify as "democratically elected")
We are standardizing mechanisms with specific properties, that aim to
facilitate specific goals, however imperfectly. It sounds to me like
you're raising concernas about the goals of the MLS WG entirely! Even
if you believe that *some* actors should be able to have extraordinary
access, i think you'd be hard pressed to find (even within the still
relatively homogenous confines of IETF participation) a clear agreement
on *which* actors should be able to have extraordinary access and how we
can be confident that access is limited to them.
As such, we are better off standardizing mechanisms that effectively
lock out everyone but the intended parties to a communication. If any
participating party wants to share their side of the conversation with
someone else, that's a question that the protocols can't directly
address. But we should not be contemplating baked-in backdoors if we
want society in general to be able to rely on any of the mechanisms that
we specify.
I would have thought that none of this would need to be said on an IETF
list in 2023, and especially in response to a comment from an AD. but i
guess the Crypto Wars never did actually stop, did they?
--dkg
- [MLS] Robert Wilton's Abstain on draft-ietf-mls-p… Robert Wilton via Datatracker
- Re: [MLS] Robert Wilton's Abstain on draft-ietf-m… Ben Campbell
- Re: [MLS] Robert Wilton's Abstain on draft-ietf-m… Stephen Farrell
- Re: [MLS] Robert Wilton's Abstain on draft-ietf-m… Daniel Kahn Gillmor