[MLS] Two poorly defined aspects of the spec

Cornelissen Eric <eric.cornelissen@aalto.fi> Thu, 06 August 2020 10:02 UTC

Return-Path: <eric.cornelissen@aalto.fi>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 149F83A10BE for <mls@ietfa.amsl.com>; Thu, 6 Aug 2020 03:02:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=aalto.fi
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WpAzW2Oe9oWI for <mls@ietfa.amsl.com>; Thu, 6 Aug 2020 03:02:15 -0700 (PDT)
Received: from smtp-out-02.aalto.fi (smtp-out-02.aalto.fi [130.233.228.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8AD33A10BA for <mls@ietf.org>; Thu, 6 Aug 2020 03:02:14 -0700 (PDT)
Received: from smtp-out-02.aalto.fi (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 472812713F5_F2BD521B for <mls@ietf.org>; Thu, 6 Aug 2020 10:02:09 +0000 (GMT)
Received: from exng3.org.aalto.fi (exng3.org.aalto.fi [130.233.223.22]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (Client CN "exng3.org.aalto.fi", Issuer "org.aalto.fi RootCA" (not verified)) by smtp-out-02.aalto.fi (Sophos Email Appliance) with ESMTPS id E54B82713F2_F2BD520F for <mls@ietf.org>; Thu, 6 Aug 2020 10:02:08 +0000 (GMT)
Received: from exng5.org.aalto.fi (130.233.223.24) by exng3.org.aalto.fi (130.233.223.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Thu, 6 Aug 2020 13:02:08 +0300
Received: from exng4.org.aalto.fi (130.233.223.23) by exng5.org.aalto.fi (130.233.223.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Thu, 6 Aug 2020 13:02:08 +0300
Received: from exng4.org.aalto.fi ([fe80::4047:1ae:cfdf:c1a8]) by exng4.org.aalto.fi ([fe80::4047:1ae:cfdf:c1a8%18]) with mapi id 15.01.1979.003; Thu, 6 Aug 2020 13:02:08 +0300
From: Cornelissen Eric <eric.cornelissen@aalto.fi>
To: "mls@ietf.org" <mls@ietf.org>
Thread-Topic: Two poorly defined aspects of the spec
Thread-Index: AQHWa9hzVoJJMfPk+kK5poDHTeMmXg==
Date: Thu, 6 Aug 2020 10:02:08 +0000
Message-ID: <af4a72d6f3ae4c809367222386340e6c@aalto.fi>
Accept-Language: en-US, fi-FI
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.233.0.5]
Content-Type: multipart/alternative; boundary="_000_af4a72d6f3ae4c809367222386340e6caaltofi_"
MIME-Version: 1.0
X-SASI-RCODE: 200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aalto.fi; h=from:to:subject:date:message-id:content-type:mime-version; s=its18; bh=hZNatypOw/nG9//a67ATPvA+RjtHIE0FKDbqyVsjoY4=; b=febIH42Wufcg+V6mimSalw4z0+h+ZJzZgF/SA2W4+Pm7yCYCIhPh7Vpj7x7kXNbD5WGxnWwPAk7/Pv8li9lGkVJw97BHrD235bK9o5T/2gWAms5/68wRzp5VFUNHECrc24Lke8SKXkQPWenntuUtATEvH9SxDt8/voOyanRkFRkev+pQ1Qxcl+pET9z05A3MuAmwQIjQwxhe0q1EIOe2Tj6RaTGUE+Fce35C1LJunGXPCGXSz4g3sWnQwYcqSpwdT/347LypgfbnxG9zrCHrpnps7N2jMxZW3lSr3Z/gvKPpg7fkchzprKKJXkftD5pDVuL5Xs1YQqrE+nsBgH8ifQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/YEVfu0oq4BqzGvteBI8EpX3F1b4>
Subject: [MLS] Two poorly defined aspects of the spec
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2020 10:02:17 -0000

Hi All,


I have two questions about things that are unclear to me in the current state of the spec as they are undefined/poorly defined.



1. What is the intended value of interim_transcript_hash_[0]?

>From the current draft I cannot definitively (i.e. with 100% certainty) say whether the value of the first interim_transcript_hash should be:

a. "the zero-length octet string" following the last line of Group state section<https://github.com/mlswg/mls-protocol/blob/39455d2ea5e8fb42e8f0f0624bddd8c56675da0e/draft-ietf-mls-protocol.md#group-state><https://github.com/mlswg/mls-protocol/blob/master/draft-ietf-mls-protocol.md#group-state>up-state>, or
b. a value derived based on the MLSPlaintextCommitAutData for the first commit concatenated with 0:
    interim_transcript_hash_[0]
        = Hash(confirmed_transcript_hash_[0] || MLSPlaintextCommitAuthData_[0])
        = Hash(0 || MLSPlaintextCommitAuthData_[0])

The draft strongly suggests to me that it is the former, but the latter seems to more accurately reflect the statement "The confirmed_transcript_hash field contains a running hash over the messages that led to this state."

In the case that a is correct I would suggest updating the definition of interim_transcript_hash_[n] to:

    interim_transcript_hash_[0] = 0
    interim_transcript_hash_[n] =
        Hash(confirmed_transcript_hash_[n] ||
            MLSPlaintextCommitAuthData_[n]);

In the case that b is correct I would suggest adding a "warning" that says something along the lines of "as a placeholder value" to the place(s) where the draft says that the interim_transcript_hash of a group is initialized to 0.


2. What is the `members` array mentioned in the Group creation section<https://github.com/mlswg/mls-protocol/blob/39455d2ea5e8fb42e8f0f0624bddd8c56675da0e/draft-ietf-mls-protocol.md#group-creation>?

In that section it is stated that "A new member receiving a Welcome message can recognize group creation if the number of entries in the `members` array is equal to the number of leaves in the tree minus one." First of all, it is not clear what this `members` array is. It seems this refers to a field of the now-removed Init struct. Interestingly this struct was removed in the very same PR that added the above sentence (see #239<https://github.com/mlswg/mls-protocol/pull/239>). But I wasn't able to really figure out what the draft-09 equivalent of it should be.

In addition, I'm pretty sure this technique would no longer work to detect group creation (but that would depend on how the sentence should be updated).


Regards,
Eric