Re: [MLS] Functional Definition of End-to-End Secure Messaging

[Alec Muffett <alec.muffett@gmail.com>]

Hi Sofía!

On Mon, 10 May 2021 at 00:41, Sofía Celi <cherenkov@riseup.net> wrote:

>
> These are really interesting points. I see four points:
>
> * Future or past recipients of a conversation: it could be that a
> conversation is read prior to the intended recipient, or after the
> intended recipient. This is somewhat not cover in every day
> applications, as someone else can get access to a device and read the
> messages intended for a recipient. In those terms, I think this is
> described as 'secure' for the network (and the intended recipient is the
> device, then); but if a device is compromised, then the contents could
> be potentially read by someone else.


Exactly.  This is the concept of the Trusted Computing Base, in a nutshell:
https://en.wikipedia.org/wiki/Trusted_computing_base




> A point to include here then is the
> idea of 'disappearing messages', as a property for trying to avoid this.
>

They are very useful - I am a strong convert to them, although they are not
obligatory for an end-to-end secure messaging network.



> But if a message is read and disappeared prior to the actual "recipient"
> reading it, then the purpose is also lost.


Yes; or alternatively if they exist until "N" hours or days after being
read on any given device, there are other models where their purpose is
also lost.

On that basis, it's up to the user to make wise choices and use of the
features that exist *beyond* basic end-to-end security.


* Messages read by something that is not a "human": this could be a bot
> that is part of a conversation (but should it be?, if so, it should be
> disclosed to the sender-s-, and potentially properly "authenticated") or
> malware in the device itself.
>

If a "Bot" should be disclosed to a sender, should it also be disclosed
that the user is using an assistive spellchecker app?

Or an assistive keyboard app which may exfiltrate content to Chinese state
authorities?

Example of this latter debate:
https://www.reddit.com/r/privacytoolsIO/comments/kzpxwt/opinions_on_naomi_wu_signal_ime_vulnerability/

Hence why I believe that it is not tenable to pursue disclosures of
anything beyond "these are the participants within this conversation, and
the rest of the universe is outside".

Or perhaps those "assistive apps" exist as backdoors, in which case:

* Messages read by a backdoor or vulnerability: I think that if an
> application has a backdoor (with the whole purpose of having it there to
> read the contents) then it is not end-to-end encrypted.


...does this mean that anyone with a spellchecker (Grammarly:
https://www.silicon.co.uk/security/grammar-extension-data-leak-flaw-228005)
or chinese keyboard, is excluded from what being we would call "end-to-end
secure"?

The only resolution for this that I can see - that is even possible? - is
for the participant to define their "trusted computing base".  Hence this
draft standard.


> If someone or
> something is added to the conversation, then it should be authenticated
> and disclosed.
>

Strongly concur.



> * Multiple devices: this could be better explained by stating that the
> intended recipients could be multiple devices (these all have to be
> authenticated to the conversation).
>

What if one device has several heads, such as "WhatsAppForWeb"?  Should
those be disclosed?

Should a victim of domestic abuse attempting to escape - or: a philanderer
- be "outed" as having a second phone?  As using a secret laptop?

     - alec

-- 
https://alecmuffett.com/about