Re: [MLS] Revised MLS charter
Cas Cremers <cas.cremers@cs.ox.ac.uk> Wed, 18 April 2018 17:14 UTC
Return-Path: <cas.cremers@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A34DD12D870 for <mls@ietfa.amsl.com>; Wed, 18 Apr 2018 10:14:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.419
X-Spam-Level:
X-Spam-Status: No, score=-1.419 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IY7FrixPo5NP for <mls@ietfa.amsl.com>; Wed, 18 Apr 2018 10:14:06 -0700 (PDT)
Received: from mail-ua0-f181.google.com (mail-ua0-f181.google.com [209.85.217.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3085012D777 for <mls@ietf.org>; Wed, 18 Apr 2018 10:14:06 -0700 (PDT)
Received: by mail-ua0-f181.google.com with SMTP id q26so1638192uab.0 for <mls@ietf.org>; Wed, 18 Apr 2018 10:14:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dGdhzL8H3fltwMifOmI+j/JuJcQZAIPzxcrH6c/hqNs=; b=ixxzfUlInkkAYXpZPK91zxQEJg60xa767D512UhR/BlYkAj8rB1x+q1yoG7WSsktOQ Qb34KRvrzOluoGy6gUv5vxOJXjeJY3xTzsEEWNwBl2e6er2a5HrzeGi2oeGPLSXUCwzC p3PBn67lA2j/mAsyQvPHRI4JFOmcdPnLw/Gs21Oc1y4361iibN/AGnVJAqQSiBFrOcAT ZSssgLZ774xLaOsh5wsjdofy80zC4oxM45lO6g0QXT7Nle12cNNPpcH33Rna+ULNqVEp PtPnC7l9EIWVGYRQSf2Zz0pn3jxMqZ56dajEQXuhpVENpxUtYiwEmnQtFogoeBrVSSUv VNYg==
X-Gm-Message-State: ALQs6tCsXlql0ioUuQZUOnel+ioLVvjDCpjXDALO8qvvZSwoXsBJCe+T BiGYt9l9e/GwLAaat5RrcXFt+WvwAhXW1PxYG90=
X-Google-Smtp-Source: AIpwx49RmJBzcs2GT4ixP1r46+w6WDleNmU1oAPaw3x4ajcwJwc2E7ZEVuJYxtpVQ2LLQrT29XGXO6hISjd0pTwr0zM=
X-Received: by 10.176.95.93 with SMTP id z29mr2147363uah.87.1524071645160; Wed, 18 Apr 2018 10:14:05 -0700 (PDT)
MIME-Version: 1.0
References: <E66143BE-F9D8-4073-A83E-10B4344BF15D@sn3rd.com> <5C447405-A453-41A3-8E58-02925FEB450D@sn3rd.com> <CAL02cgTugFZ18cJ_9Zi0syRT7kNk_Jjko9WEkOwpCSVMjJQYrg@mail.gmail.com> <CAKHUCzx9DVBBkKuwKrUzGVb6QpVP12LJD0URv4z4c2rip28K2A@mail.gmail.com> <1524066159.11012.1342515920.44B1978A@webmail.messagingengine.com>
In-Reply-To: <1524066159.11012.1342515920.44B1978A@webmail.messagingengine.com>
From: Cas Cremers <cas.cremers@cs.ox.ac.uk>
Date: Wed, 18 Apr 2018 17:13:54 +0000
Message-ID: <CABdrxL6euCM2nZiigh2j5RZ1xyTvMaa2kXifxUX-MsOdSW4xGw@mail.gmail.com>
To: Katriel Cohn-Gordon <me@katriel.co.uk>
Cc: mls@ietf.org
Content-Type: multipart/alternative; boundary="f403045fe14c05ad46056a22959f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/YZkzOmucfdSnTJJTQBQ_LGZONzk>
Subject: Re: [MLS] Revised MLS charter
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2018 17:14:10 -0000
Dear all, I am also happy with the revisions. Good to go! Cas On Wed, 18 Apr 2018, 16:42 Katriel Cohn-Gordon, <me@katriel.co.uk> wrote: > +1 > > > On Wed, 18 Apr 2018, at 4:39 PM, Dave Cridland wrote: > > LGTM. > > On 18 April 2018 at 16:18, Richard Barnes <rlb@ipv.sx> wrote: > > Hey Sean, > > This looks good to me. Ship it. > > --Richard > > On Fri, Apr 13, 2018 at 2:52 PM, Sean Turner <sean@sn3rd.com> wrote: > > Sorry I missed to minor edits from Jonathan Lennox didn’t get copied over: > > Messaging Layer Security (MLS) Charter (DRAFT) > > Several Internet applications have a need for group key establishment > and message protection protocols with the following properties: > > o Message Confidentiality - Messages can only be read > by members of the group > o Message Integrity and Authentication - Each message > has been sent by an authenticated sender, and has > not been tampered with > o Membership Authentication - Each participant can verify > the set of members in the group > o Asynchronicity - Keys can be established without any > two participants being online at the same time > o Forward secrecy - Full compromise of a node at a point > in time does not reveal past messages sent within the group > o Post-compromise security - Full compromise of a node at a > point in time does not reveal future messages sent within the group > o Scalability - Resource requirements have good scaling in the > > size of the group (preferably sub-linear) > > Several widely-deployed applications have developed their own > protocols to meet these needs. While these protocols are similar, > no two are close enough to interoperate. As a result, each application > vendor has had to maintain their own protocol stack and independently > build trust in the quality of the protocol. The primary goal of this > working group is to develop a standard messaging security protocol > so that applications can share code, and so that there can be shared > validation of the protocol (as there has been with TLS 1.3). > > It is not a goal of this group to enable interoperability / federation > between messaging applications beyond the key establishment, > authentication, and confidentiality services. Full interoperability > would require alignment at many different layers beyond security, > e.g., standard message transport and application semantics. The > focus of this work is to develop a messaging security layer that > different applications can adapt to their own needs. > > While authentication is a key goal of this working group, it is not > the objective of this working group to develop new authentication > technologies. Rather, the security protocol developed by this > group will provide a way to leverage existing authentication > technologies to associate identities with keys used in the protocol, > just as TLS does with X.509. > > In developing this protocol, we will draw on lessons learned from > several prior message-oriented security protocols, in addition to > the proprietary messaging security protocols deployed within > existing applications: > > o S/MIME - https://tools.ietf.org/html/rfc5751 > o OpenPGP - https://tools.ietf.org/html/rfc4880 > o Off the Record - https://otr.cypherpunks...ca/Protocol-v3-4.1.1.html > <https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html> > > > o Signal - https://signal.org/docs/ > > The intent of this working group is to follow the pattern of > TLS 1.3, with specification, implementation, and verification > proceeding in parallel. By the time we arrive at RFC, we > hope to have several interoperable implementations as well > > as a thorough security analysis.. > > > The specifications developed by this working group will be > based on pre-standardization implementation and deployment > > experience, generalizing the design described in: > > o draft-omara-mls-architecture > o draft-barnes-mls-protocol > > Note that consensus is required both for changes to the current > protocol mechanisms and retention of current mechanisms. In > particular, because something is in the initial document set does > not imply that there is consensus around the feature or around > how it is specified. > > Milestones: > May 2018 - Initial working group documents for architecture and key > management > Sept 2018 - Initial working group document adopted for message protection > Jan 2019 - Submit architecture document to IESG as Informational > Jun 2019 - Submit key management protocol to IESG as Proposed Standard > Sept 2019 - Submit message protection protocol to IESG as Proposed Standard > > Cheers, > > spt > > > On Apr 13, 2018, at 14:09, Sean Turner <sean@sn3rd.com> wrote: > > > > All, > > > > The charter tweaks made since the BOF include tweaking (and reordering) > some of the “property” bullets: > > - added message confidentiality > > - message authentication changed to message integrity and authentication > > > > I know that Ben Schwartz mentioned that we should look at our “full > compromise” definition, but in reviewing it the way it’s used in FS and PCS > property bullets it looks okay to me. But, maybe Ben can elaborate a bit. > > > > Anyway at this point, here’s what we’re working with: > > > > > > Messaging Layer Security (MLS) Charter (DRAFT) > > > > Several Internet applications have a need for group key establishment > > and message protection protocols with the following properties: > > > > o Message Confidentiality - Messages can only be read > > by members of the group > > o Message Integrity and Authentication - Each message > > has been sent by an authenticated sender, and has > > not been tampered with > > o Membership Authentication - Each participant can verify > > the set of members in the group > > o Asynchronicity - Keys can be established without any > > two participants being online at the same time > > o Forward secrecy - Full compromise of a node at a point > > in time does not reveal past messages sent within the group > > o Post-compromise security - Full compromise of a node at a > > point in time does not reveal future messages sent within the group > > o Scalability - Resource requirements that have good scaling in the > > size of the group (preferably sub-linear) > > > > Several widely-deployed applications have developed their own > > protocols to meet these needs. While these protocols are similar, > > no two are close enough to interoperate. As a result, each application > > vendor has had to maintain their own protocol stack and independently > > build trust in the quality of the protocol. The primary goal of this > > working group is to develop a standard messaging security protocol > > so that applications can share code, and so that there can be shared > > validation of the protocol (as there has been with TLS 1.3). > > > > It is not a goal of this group to enable interoperability / federation > > between messaging applications beyond the key establishment, > > authentication, and confidentiality services. Full interoperability > > would require alignment at many different layers beyond security, > > e.g., standard message transport and application semantics. The > > focus of this work is to develop a messaging security layer that > > different applications can adapt to their own needs. > > > > While authentication is a key goal of this working group, it is not > > the objective of this working group to develop new authentication > > technologies. Rather, the security protocol developed by this > > group will provide a way to leverage existing authentication > > technologies to associate identities with keys used in the protocol, > > just as TLS does with X.509. > > > > In developing this protocol, we will draw on lessons learned from > > several prior message-oriented security protocols, in addition to > > the proprietary messaging security protocols deployed within > > existing applications: > > > > o S/MIME - https://tools.ietf.org/html/rfc5751 > > o OpenPGP - https://tools.ietf.org/html/rfc4880 > > o Off the Record - https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html > > o Signal - https://signal.org/docs/ > > > > The intent of this working group is to follow the pattern of > > TLS 1.3, with specification, implementation, and verification > > proceeding in parallel. By the time we arrive at RFC, we > > hope to have several interoperable implementations as well > > as a thorough security analysis. > > > > The specifications developed by this working group will be > > based on pre-standardization implementation and deployment > > experience, and generalizing the design described in: > > > > o draft-omara-mls-architecture > > o draft-barnes-mls-protocol > > > > Note that consensus is required both for changes to the current > > protocol mechanisms and retention of current mechanisms. In > > particular, because something is in the initial document set does > > not imply that there is consensus around the feature or around > > how it is specified. > > > > Milestones: > > May 2018 - Initial working group documents for architecture and key > management > > Sept 2018 - Initial working group document adopted for message protection > > Jan 2019 - Submit architecture document to IESG as Informational > > Jun 2019 - Submit key management protocol to IESG as Proposed Standard > > Sept 2019 - Submit message protection protocol to IESG as Proposed > Standard > > > > Cheers, > > > > spt > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls > > *_______________________________________________* > MLS mailing list > MLS@ietf.org > > https://www.ietf..org/mailman/listinfo/mls > <https://www.ietf.org/mailman/listinfo/mls> > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls >
- [MLS] Revised MLS charter Sean Turner
- Re: [MLS] Revised MLS charter Sean Turner
- Re: [MLS] Revised MLS charter Richard Barnes
- Re: [MLS] Revised MLS charter Dave Cridland
- Re: [MLS] Revised MLS charter Katriel Cohn-Gordon
- Re: [MLS] Revised MLS charter Cas Cremers
- Re: [MLS] Revised MLS charter Jon Millican
- Re: [MLS] Revised MLS charter Emad Omara
- Re: [MLS] Revised MLS charter Raphael Robert
- Re: [MLS] Revised MLS charter Paul Rösler