IETF Logo Mail Archive

Re: [MLS] [Mls] Comments on Charter

Richard Barnes <rlb@ipv.sx> Sun, 18 March 2018 15:45 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 77398127AD4 for <mls@ietfa.amsl.com>; Sun, 18 Mar 2018 08:45:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cPPwfMqKXdIJ for <mls@ietfa.amsl.com>; Sun, 18 Mar 2018 08:45:22 -0700 (PDT)
Received: from mail-wr0-x230.google.com (mail-wr0-x230.google.com [IPv6:2a00:1450:400c:c0c::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB09F12711B for <mls@ietf.org>; Sun, 18 Mar 2018 08:45:21 -0700 (PDT)
Received: by mail-wr0-x230.google.com with SMTP id u46so2129580wrc.11 for <mls@ietf.org>; Sun, 18 Mar 2018 08:45:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jci/Z3vrkRdo/3jUSyX58oq2st1ubzBeEx+UEJsV4MA=; b=sc2nNHil6ZLefrGkXXtbo0IFgRPihe0xbd7Ycyqhr8xlALOdaynx7BFC0wGTFuMTV3 tVq2+zoR+ZEQ8dUHGmMzKFtR2DKr2rYVL9QJZwH9uLCU/fVyNZ3V+TsrCDETRSRnbBWp FsYQ0h1V41YLSQt+RUF4dECAfs2ozo67VHpM3R4f3XdPvJqWYpp78qhTCDUQoLeDv3dF OytmLvVGuET31Vmf9V8JyuMpblJ4ztrzu6cTVHghTC+4f5Qn/KbRPhMh+67MlWEjpw0h V6RxGdvAS6ZEGXo4dTKgexbYYxdvq75eBGOHlEHnhP6AwMi1xWVPGGVc+s5dJLzn7p2v 7t2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jci/Z3vrkRdo/3jUSyX58oq2st1ubzBeEx+UEJsV4MA=; b=MLMUo/zeUniuhlH5Wc/pI4YatgGurHc9h4fPFv2HP5F3sgEI5KWy8XrWVVkQOCgG44 oBjZgpXgGbSINnb6cz0DG06S+2QoJJbKAvlsfrq0TZ0Xy9keWrTXZiyx7AZIHaWqebGd +R1GlkIbwxHJJpvoNvFgroLqCOlotfLVuL0MWEj0Dycy7tcj5RzPzPRCFNFlq3BOHDwY JRc8d9QR5HjYGgl/A7HeXXDJJaa8e79RatsuEKrvxtypMRTZnhOOuuGQo87sphoAZz3Y Ibkz36CPHJA/0QK3SKowNtfZe1TE8l29micR4NiJ8UepD/hAN8gLeyTHAvEhlZyBbIIy ZJlA==
X-Gm-Message-State: AElRT7H0v+iCPBBtS6UBTZyH5dYht0k1GyakMtW2bnniErM6/q1iXgsd Hx05P7pu3PaNnwonjEMJR4Go0QpWRjF5lz9D7r1Bag0Wrac=
X-Google-Smtp-Source: AG47ELvA1HQUvlECEboGoEGbHu7h6Q5uJL3UTMIO2dvvmnga08zuHSe2gR2eRwoVIH2O8e/jFi4lLUtXwolrfmkClDE=
X-Received: by 10.223.187.147 with SMTP id q19mr6518543wrg.150.1521387920256; Sun, 18 Mar 2018 08:45:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.12.140 with HTTP; Sun, 18 Mar 2018 08:45:19 -0700 (PDT)
In-Reply-To: <CABcZeBP4BKstNuk-Mb7SjZep0avbZCrbqf+4uQGMTmxHQMM=rA@mail.gmail.com>
References: <c2f13ed7-7acc-85c6-607a-aba7f950dce6@a-oben.org> <CAL02cgQhuSN=b3wZMdNOYE5pZv8WOt1HM1Qcobi3QcFi9WrcVw@mail.gmail.com> <CABcZeBP4BKstNuk-Mb7SjZep0avbZCrbqf+4uQGMTmxHQMM=rA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Sun, 18 Mar 2018 15:45:19 +0000
Message-ID: <CAL02cgQ9dH-Sw6XRTBG1z7AL5Nm2BXPo=fthJNMs2R328JS4WQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Simon Friedberger <simon.cfrg@a-oben.org>, mls@ietf.org
Content-Type: multipart/alternative; boundary="089e0820f2b88d89da0567b1bab6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/W3KDKbvJq9R5gsNaf08U20EyzcA>
Subject: Re: [MLS] [Mls] Comments on Charter
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Mar 2018 15:45:24 -0000

That sounds good to me.  I've added the following text to the Google Doc
(adapted from the QUIC charter):

"""
The specifications developed by this working group will be based on
pre-standardization implementation and deployment experience, and
generalizing the design described in:

* draft-omara-mls-architecture
* draft-barnes-mls-protocol

Note that consensus is required both for changes to the current protocol
mechanisms and retention of current mechanisms. In particular, because
something is in the initial document set does not imply that there is
consensus around the feature or around how it is specified.
"""


On Sun, Mar 18, 2018 at 3:34 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> IMO the charter should just say we're adopting these documents as a
> starting point, with an explicit disclaimer about how everything needs
> consensus (the QUIC charter has some good text here). They're in a pretty
> mature state and reflect what there's already been enthusiasm for.
>
> -Ekr
>
>
> On Tue, Mar 13, 2018 at 3:57 PM, Richard Barnes <rlb@ipv.sx> wrote:
>
>> Hey Simon,
>>
>> Thanks for the comments, sorry for the delay.
>>
>> On Tue, Feb 6, 2018 at 7:11 AM, Simon Friedberger <simon.cfrg@a-oben.org>
>> wrote:
>>
>>> 1. I think key transparency should be mentioned. Key distribution is a
>>> huge semi-solved problem and leaving it out is not really an option. It
>>> seriously degrades security for the average user who does not validate
>>> keys.
>>>
>>
>> Obviously, I agree that authentication is very important, but from what
>> I've heard talking to people, there's not energy to do KT right now.  What
>> we can do now is make sure there's a slot to put a credential in, so that
>> we can leverage things like PKI that provide some benefit over manual key
>> comparison, and later on we can recharter to work on KT if there's interest.
>>
>> To clarify this, I added the following para:
>>
>> """
>> While authentication is a key goal of this working group, it is not the
>> objective of this working group to new authentication technologies.
>> Rather, the security protocol developed by this group will provide a way to
>> leverage existing authentication technologies to associate identities with
>> keys used in the protocol, just as TLS does with X.509.
>> """
>>
>>
>>
>>> 2. Federation (for example like in XMPP, where many people run their own
>>> servers just like for e-mail) probably doesn't require anything specific
>>> but it should be discussed to make sure that it works. It would also be
>>> good to take this into account when discussing authentication and key
>>> transparency to make sure it is clear which guarantees hold for people
>>> on other servers. I think it doesn't necessarily have to be in the
>>> charter but should be in any final proposal.
>>>
>>
>> I think the critical thing to test / validate is that we have
>> interoperability at the level of the specification of the protocol.  Just
>> like BoringSSL and NSS interoperate at the level of TLS, but don't assure
>> interoperability of HTTP running over them, we should be aiming for a
>> security protocol that's interoperable between independent implementations,
>> but not worried about interoperability of the rest of the stack.
>>
>> I did make the following tweak to the charter language, though:
>>
>> "to enable interoperability" -> "to enable interoperability / federation"
>>
>>
>>
>>
>>>
>>>
>>> Best Regards,
>>>
>>> Simon
>>>
>>> _______________________________________________
>>> MLS mailing list
>>> MLS@ietf.org
>>> https://www.ietf.org/mailman/listinfo/mls
>>>
>>
>>
>> _______________________________________________
>> MLS mailing list
>> MLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/mls
>>
>>
>

v2.23.0 | Report a Bug | By Email