Re: [MLS] Stupidest possible message protection
"Katriel Cohn-Gordon" <me@katriel.co.uk> Mon, 03 December 2018 21:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/dEaZClY5DZAON-3kHggnni_-O2Y>
List-Id: Messaging Layer Security <mls.ietf.org>

I think "clients choose" != "users choose" --- rather, whoever builds this into their application makes the choice for their users in the client code.

On Mon, 3 Dec 2018, at 9:10 PM, Russ Housley wrote:
>> On Dec 3, 2018, at 10:46 AM, Raphael Robert <raphael=40wire.com@dmarc.ietf.org> wrote:
>>
>> I agree with Richard that letting clients choose is a good idea. I think that for the sake of simplicity clients should choose whether to encrypt HS messages or not right at group creation
>
> It is not clear to me how a user would make that choice. They do not really have much visibility into the consequences of the choice. So, it would be good for this group to make the choice or provide a concise description of those consequences in language a user might find helpful.
>
> Russ
>
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls