[MLS] confirming server assist way forward

Sean Turner <sean@sn3rd.com> Thu, 06 February 2020 16:08 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1C2B312089F for <mls@ietfa.amsl.com>; Thu, 6 Feb 2020 08:08:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id azSbUlzWRJfb for <mls@ietfa.amsl.com>; Thu, 6 Feb 2020 08:08:09 -0800 (PST)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC049120918 for <mls@ietf.org>; Thu, 6 Feb 2020 08:08:08 -0800 (PST)
Received: by mail-qk1-x732.google.com with SMTP id v195so6010393qkb.11 for <mls@ietf.org>; Thu, 06 Feb 2020 08:08:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=42frJD93M66fujJ4nT+L8k9z/N2MmXd+sPT7SYqC9gw=; b=eG2gwfc++2UjlF+hOaJrsexVBsVu3yy8IqUQikM0hM4l7YEtYRs5wdIupahV+IijGE OCFFEtosrHmys2kJmKV6tczK+x1c2QwGGFcTS9nEB/LNZwFHzCH3rumjRwUe6OHE+i5W b/eF1hiGAGORkNRmCLXT0ylMllpFAxYFdL8mQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=42frJD93M66fujJ4nT+L8k9z/N2MmXd+sPT7SYqC9gw=; b=TDgpWYyMTkfEgl1T7H/vtcxXuciLJQ1EAxPH4yp1yt2n/IkZ9FW3a+z4n4p5axfNbv ZPwlzeIlMnk0GeKIL9U4s3dS+ByDyyFUjlLbBI6ScQqwIR6K/zPECB7vkcjudo49p+WQ qfzoOo3vyZhFogSlN85ajS/hHzXEq8qKpn2aVCfdXfOeUAEkXhZR2IAsWdvGgLVFmcpj 1z9KMbx6WSEo9sm93EezbIJf4D9I2VwdtXklE3ofjaJn49G/0+uHCEnd2pXo2qoZfkv/ JGuapAyK1KeJZRgUrKvjtxHVqAVjpamG4HFEhQtsFnwUwInxPtsTJbcdRtYzTg7z5fLu xeBA==
X-Gm-Message-State: APjAAAWCgBfpb94C1zuYakY9M0NNoOJxPAmoa03KlDgd+ZzUGGjjoYG/ J8ZJeZNUFmK12QEUdCLR1o1xc09oZjFm6voa
X-Google-Smtp-Source: APXvYqyVuultLT6rhEpVrMJHJjEujN9HwEuyOoOr0CzrKJu8n0kppUG+JjW4fB65YZAfZpaNPf2Vpg==
X-Received: by 2002:a37:8e45:: with SMTP id q66mr1065946qkd.129.1581005286785; Thu, 06 Feb 2020 08:08:06 -0800 (PST)
Received: from [] ([]) by smtp.gmail.com with ESMTPSA id h3sm1609375qkk.104.2020. for <mls@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Feb 2020 08:08:05 -0800 (PST)
From: Sean Turner <sean@sn3rd.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Message-Id: <D167460F-FA34-402E-A06E-809130A70132@sn3rd.com>
Date: Thu, 06 Feb 2020 17:08:04 +0100
To: Messaging Layer Security WG <mls@ietf.org>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/_9S7yrvKjOxfUiYA5mshH3qtkA8>
Subject: [MLS] confirming server assist way forward
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 16:08:13 -0000


tl;dr: confirming new individual draft to describe server assist.

During the F2F Interim in January, the WG had a lengthy discussion about server assist. We wrestled with the tussle between privacy and the desire to support very large groups, which just about everybody, if not everybody, believes requires some type of server assist because adding a new member to a large group requires sending megabytes of data in the Welcome message and this can be too much for some devices. Normally, the AS and DS is split and maybe these functions are collapsed in IRL, but Benjamin suggested that we split the functionality up a bit more to talk more fine-grained about the guarantees we want. The functional split suggested was as follows [0]:

- AS: Authentication Service (Signature Keys)
- DS: Delivery Service
-- CS: Credential Retrieval Service (CIKs)
-- IDS: Message Reception Service (Input)
--- IDS is responsible for message ordering.
-- ODS: Message Delivery Service (Output)
--- IDS and ODS may be combined.
- SDS: Storage Delivery Service (Welcome+Backup)
-- SDS is optional.

Likewise, they suggested that we switch from a model where there is one queue per group, to one queue per recipient.

The consensus at the interim was that it is important to support server assist and that it was equally important to provide truth in advertising, i.e., those that implement the functionality need to understand the security guarantees that are available.

There was also consensus to produce an individual draft that describes server assist. After this draft is published, the WG can review it and decide whether it should be accepted as a workable starting point and potential WG item.

The chairs need to confirm the interim’s consensus on list, so please let the WG know by 2359 UTC 20 February whether you disagree with the way forward and why.

FYI: Benjamin and Raphael volunteered to write this draft.


Nick and Sean

[0] https://github.com/mlswg/wg-materials/blob/master/interim-2020-01/04-architecture.pdf
[1] https://github.com/mlswg/wg-materials/blob/master/interim-2020-01/minutes.md