IETF Logo Mail Archive

Re: [MLS] Hiding content type

Brendan McMillion <brendan@cloudflare.com> Tue, 28 July 2020 22:05 UTC

Return-Path: <brendan@cloudflare.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E13F3A09FC for <mls@ietfa.amsl.com>; Tue, 28 Jul 2020 15:05:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vhCSotIgGx_O for <mls@ietfa.amsl.com>; Tue, 28 Jul 2020 15:05:11 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E4103A08AE for <mls@ietf.org>; Tue, 28 Jul 2020 15:05:11 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id b25so16148607qto.2 for <mls@ietf.org>; Tue, 28 Jul 2020 15:05:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=L2I0nABi1Sd0RPQbpYKIgdQOjzQPkPJJT1XTN00RcsI=; b=sKCrF6UUICHJcjhqZpFKibqn809lDj4nc73XS4PGEpqTrEqZCGLkd7ioFfRoKNz8eU IvQe+wxzwbUEboWWuOaRGlXj8q42LFyIuq1uG8mepDl/iJlf50gqxSV4+nZ3jSpFs2eL PO8HWZ18q/0sA7U8s6R13MCG7+GFd1L7qO7L0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=L2I0nABi1Sd0RPQbpYKIgdQOjzQPkPJJT1XTN00RcsI=; b=o4O/HY5eCAt/owP0n/hL9hHzGF4dbi+r6GKPvdhwAJZPrH+9ERaCYsCM3epOA4MqM3 As1PdvnXkggx3UVyJvWfn1dTZWZFE0B3J1Mr9K6DH48PycmX9iIZXWZ/nY8GrdxOUR1O MstO6UgiKYL6Env7OjwPIp2sesxI+diFG/pJo3TRAQqRbaykDW8JLVrFaJJ7DanuIAH5 pZva37/K745gH+wNXhesYBm1lK5QoHLmM+m+OrjnmqKkOYv5PZKjkc+7pnck4Dq3IjHr GGY/JtAb3jtmyKgyCVl1aGHl3LUxeb3VENAq0SzQ6941lnc0AWDC4xhdj6EBFl/K3IGm wGOg==
X-Gm-Message-State: AOAM532upU3OfVoa6/8KQ4CW3dRjOpmS2RqTKBKrMRN4xjLFNKz8lNm7 ZDX7r4Pw0j2PeaVKIVvsqBgq26xciWQ9JsL6EkcFEg==
X-Google-Smtp-Source: ABdhPJwax9V3IkDyvaUg5+ZsskpH8fs7oeF2KaAYPpg9S5ErGUtdufEBUQ5jGcf/QVTRj3NICLNdwYjGprD7wRg7qmU=
X-Received: by 2002:aed:27d5:: with SMTP id m21mr29984878qtg.4.1595973910099; Tue, 28 Jul 2020 15:05:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAL02cgT4jBiJNCoRBsBc7hRWBX0qzmZjC8B8XmJnGcZXgEiCdg@mail.gmail.com> <CABP-pSTW=7jK2hRHLYwydOyrfimfqti0Rih=BoBpqBJDfqf4QQ@mail.gmail.com> <CAL02cgT0KWJ21m70q5cL7NKBB+-Cjvb63YpgnBGoisScNqQchQ@mail.gmail.com> <CABP-pSR2UxWkKk6a_T9vN4cv89zCchNbN4YN=dS_qm5Ye4AjJA@mail.gmail.com> <FCAAD638-E0F8-4A91-90F1-1A2F1233D88F@nps.edu> <CAL02cgQBge9V3YEtnxRPOxLuMWQzg_Y1XD_cmEX=q94ou6fe7w@mail.gmail.com> <CABP-pSSQJ2dT2-mmvAYFYhvtVsRL9KWy71Zcfoxx8pMse2L=Kw@mail.gmail.com> <CAL02cgRxXjoCQX3V7TTL9aW04ywFmwQvk3vRcMadQfpATfXwHg@mail.gmail.com> <56633046-DB4C-4EE8-A83B-E88A4F430171@cloudflare.com> <CAL02cgS4n_Y5=BiWfqN20PjyCwA1uubEEnh46ExDuYK=NMdZHA@mail.gmail.com> <CABP-pSRAP-9SZMgWrdD15SFJn5y7ya9yBHvtEnP+6KBbWtqHdQ@mail.gmail.com> <CAJoqpTJ=i0M9ztHPgdLXxz0Cp6Y-WdWmZ3QZ6wGN0hpsa1RWWA@mail.gmail.com>
In-Reply-To: <CAJoqpTJ=i0M9ztHPgdLXxz0Cp6Y-WdWmZ3QZ6wGN0hpsa1RWWA@mail.gmail.com>
From: Brendan McMillion <brendan@cloudflare.com>
Date: Tue, 28 Jul 2020 15:04:59 -0700
Message-ID: <CABP-pSTxOdeKK_OBuq-MhFb=HpZuMji4O_dFycBsTqijqxdHQQ@mail.gmail.com>
To: Chelsea Komlo <chelsea.komlo@gmail.com>
Cc: Richard Barnes <rlb@ipv.sx>, "Hale, Britta (CIV)" <britta.hale@nps.edu>, Messaging Layer Security WG <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fbaa2d05ab87a193"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/XDOCADBfyL_BBjuaeeEfnMsd6o4>
Subject: Re: [MLS] Hiding content type
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2020 22:05:16 -0000

>
> While the network layer would need to protect against network-level
> traffic analysis such as timing and frequency fingerprinting, this can be
> done in a generalized way that is agnostic to the application (such as if a
> mix network were used to route traffic between the client and the DS).


In the specific case of a mix network, that's not true. The DS has at least
these variables for traffic analysis:

1. Messages which are requested in quick succession (associating messages
that are requested together with the same group)
2. How many times a message is requested (associating a message with the
number of participants in the group it was sent to)
3. Messages requested over the same circuit (Tor and similar networks often
reuse circuits for efficiency)

and may have more depending on context.

On Tue, Jul 28, 2020 at 2:37 PM Chelsea Komlo <chelsea.komlo@gmail.com>
wrote:

> On Tue, Jul 28, 2020 at 8:11 AM Brendan McMillion <brendan=
> 40cloudflare.com@dmarc.ietf.org> wrote:
>
>> But in the former class, you would be forcing the application to invent
>>> its own scheme for signaling this stuff, which risks them making decisions
>>> that are suboptimal for metadata privacy.
>>
>>
>> Making a metadata-resistant deployment of MLS would already be incredibly
>> difficult because you'd have to design your application to use the network
>> in a way that prevents useful traffic analysis. Someone who's capable of
>> this should definitely be capable of choosing how messages are identified
>> in their system.
>>
>
> While the network layer would need to protect against network-level
> traffic analysis such as timing and frequency fingerprinting, this can be
> done in a generalized way that is agnostic to the application (such as if a
> mix network were used to route traffic between the client and the DS).
> Ideally, MLS as a higher-level application would not leak additional
> information when it is received by the DS after having been sent through
> such a network.
>
>
>> The flip side, is that your construction is already suboptimal for
>> metadata privacy because the epoch id only changes once per epoch. In the
>> construction that I described, the opaque identifier changes with each
>> message. You could also imagine a system where the identifier would change
>> with time instead of with protocol messages (for example, where messages
>> are distributed over Tor circuits).
>>
>
> It is true that message fields should be bitwise unlinkable to a network
> observer (see [1] for more information on how this property is instantiated
> in routing protocols). Time can be a dangerous dependency in distributed
> systems though, so I would be careful there.
>
> [1] https://www.cypherpunks.ca/~iang/pubs/Sphinx_Oakland09.pdf
>
>

v2.23.0 | Report a Bug | By Email