[Mls] Comments on Charter

Simon Friedberger <simon.cfrg@a-oben.org> Tue, 06 February 2018 12:11 UTC

To: mls@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/j-dtlxuTn5bkGfcgCOGpDBReMAQ>

1. I think key transparency should be mentioned. Key distribution is a
huge semi-solved problem and leaving it out is not really an option. It
seriously degrades security for the average user who does not validate keys.

2. Federation (for example like in XMPP, where many people run their own
servers just like for e-mail) probably doesn't require anything specific
but it should be discussed to make sure that it works. It would also be
good to take this into account when discussing authentication and key
transparency to make sure it is clear which guarantees hold for people
on other servers. I think it doesn't necessarily have to be in the
charter but should be in any final proposal.


Best Regards,

Simon