Re: [MLS] multiple devices per user?

Justin Uberti <juberti@google.com> Sat, 24 March 2018 22:53 UTC

Return-Path: <juberti@google.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 626841241F5 for <mls@ietfa.amsl.com>; Sat, 24 Mar 2018 15:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vV-weteXBt-f for <mls@ietfa.amsl.com>; Sat, 24 Mar 2018 15:53:01 -0700 (PDT)
Received: from mail-vk0-x236.google.com (mail-vk0-x236.google.com [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0EBA612025C for <mls@ietf.org>; Sat, 24 Mar 2018 15:53:00 -0700 (PDT)
Received: by mail-vk0-x236.google.com with SMTP id j85so9273184vke.0 for <mls@ietf.org>; Sat, 24 Mar 2018 15:53:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uuRmC4wbBAj/ABlBIr21uKHHVrN0/gmlVnDu+XcOmrA=; b=GM6Wn9uxTDCPP5YCjTsnypwqkqsptrPz4ln/XbaRUJqUBuGZJDR1YFr2lNBPBetTvY dKoBRjEAkD3XtTuUtUS6R9jjyllUaBS5DdS8enVeIPqNfVl2zqgKTfA6yCjSUnhPZk1I k/mejUFiuqn5Czp9v3hS4C0QtOQL2ITDUjv+sb2ky+p8FCha8B3DLdtVU+1OeBEJf8vo ukLjNBaUeWMLwt81fV7tHkgWsgM+BEJxAE7y2cu/nfVTpzdfqLL8N0sdAeDRFUHUDpv9 tZ4vV5Mi3JQx35ff/0/pG3bgbIVJ7vsLqVh7kb+nQl8sY1F+MGIffv0526lxe4EYxUYR 5XKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uuRmC4wbBAj/ABlBIr21uKHHVrN0/gmlVnDu+XcOmrA=; b=Skk8ao6/SMBVwdxpffiRrhO4QqHOQSHg0kVSBqJUktJh92rYut0/gVGICUL3unilBK 6HwZFAMETiykiYMXnwmBZ6vg/y/mSgYzWnYyzuPA9zER0tVqaKtnrvhJLJWOCcypbTXE pxtGWCzHKfcNGy0XQQ3zbCE/wVYlHKOqGhuNKcMb6sDJzNIRMiU44PshpC7kxmppRhvR fHwf5VX7w7fYjY1A1y+uH4LNiBQxmidfr9CatoCA1FH8hLMR7fifPJMQo6dyQKrxKIUR ZsjJ376Hshxx5sqBt9PgnPJZT2ItA5FIsogzyAZD3X2+lxo0+/4/SdKbribpCEdR6Lss 4K9w==
X-Gm-Message-State: AElRT7G3zlBWYGhwtTxlkrjZx54udXrldkujvV+K3ULbfOdfCGwIM+kS 7av8rrhxnqUFLiWGIdSzxTLxi4L4buJXkN4CwC4rAg==
X-Google-Smtp-Source: AG47ELtP+TVla5tLjH2KfIeReSYLqH5kzkGjOueCSOEqjyzHKwNjSO5byKjmt70LUImIdfZydjRVBDOP8aWc1H2VP6k=
X-Received: by 10.31.231.5 with SMTP id e5mr21115112vkh.39.1521931979475; Sat, 24 Mar 2018 15:52:59 -0700 (PDT)
MIME-Version: 1.0
References: <87efk9m7e9.fsf@fifthhorseman.net> <CABcZeBOAaA2_SRSimo2-x-jCw=YjvDsU7h0kPzU9WroTBBHoKA@mail.gmail.com>
In-Reply-To: <CABcZeBOAaA2_SRSimo2-x-jCw=YjvDsU7h0kPzU9WroTBBHoKA@mail.gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Sat, 24 Mar 2018 22:52:48 +0000
Message-ID: <CAOJ7v-3Px-ieyda9+jS3Sju44hbJXDj-32k71NqBaXA41K3EPQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: dkg@fifthhorseman.net, mls@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c094c3202f6370568306740"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/brNeQt7lusG0Pu5N2OUD3QObJ1M>
Subject: Re: [MLS] multiple devices per user?
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Mar 2018 22:53:03 -0000

On Sat, Mar 24, 2018 at 3:43 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Sat, Mar 24, 2018 at 10:32 PM, Daniel Kahn Gillmor <
> dkg@fifthhorseman.net> wrote:
>
>> In the BoF at IETF 101, I expressed my concern about the way that
>> multiple devices fits in the architectural requirements.  I'm repeating
>> those concerns on-list here in the hopes of raising on-list discussion,
>> and trying to flesh them out here in more detail.
>>
>> I see two use cases that might come under the "multi-device" rubric:
>>
>>  a) device loss/recovery
>>
>>  b) actual concurrent use (e.g. laptop + desktop + mobile)
>>
>> i'll focus here mainly on (b), since i think (a) is a distinct
>> situation.
>>
>> Privacy Considerations
>> ----------------------
>>
>> It's not clear to me that any user has a situation where they *want* to
>> indicate to other users of the group which device they're using.
>
>
> Really? Because this kind of status reporting is actually a reasonably
> common
> feature of IM systems.
>
>
> Security Considerations
>> -----------------------
>>
>> When the user has multiple devices, there are two possible approaches:
>>
>>  0) sharing decryption-capable keys across devices (peers see a single
>>     key for each user)
>>
>>  1) distinct per-device decryption-capable keys (peers see multiple keys
>>     per user)
>>
>> One potential argument is that option (1) might provide
>> "transparency" -- or visibility of a key change in the event of an
>> adversary who tries to change the keys of a client.  but i don't think
>> this argument works.
>>
>
> The reason for #1 isn't transparency, it's that there are use cases in
> which users want to add a new device without an existing device being
> online, and these are incompatible with type #0 designs.
>

Also, allowing exfiltration of keys in order to allow cross-device sharing
seems to introduce its own set of problems.

>
>
>
> Furthermore, it's not clear what a group conversation participant can
>> *do*, security-wise, in the event of recieving such a message from
>> another participant -- is this actually a new phone, or is it a wiretap
>> injection?  should i ask the user about it?  should i take action?  what
>> ction?
>>
>
> Generally, I wouldn't expect them to take any action at all. It's a user's
> responsibility to ensure that the right number of devices are registered
> to their account, just as its common for the number of Web browsers
> one has attached to ones Gmail account.
>
>
>> To avoid UX warning fatigue, i'm wary about introducing more of these
>> events than are strictly necessary (scenario (a) above probably
>> represents a "necessary" event, sadly, but "i just got a new phone"
>> doesn't seem necessary).
>>
>> And finally, we presumably want any sort of device change to be
>> authorized from an already-known device for the same user.
>
>
> This was not in fact my assumption, for the reason indicated above
>
> -Ekr
>
>>
>> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls
>