[MLS] Re: Comments on Leaf Operation Intents
Rohan Mahy <rohan.mahy@gmail.com> Mon, 03 November 2025 10:34 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/lL_nt8LB64Swgnr3fFaDcO_wAck>
Hi Konrad,

OK, I missed in the intro that you were trying to solve the problem of not having state even when trying to remove itself it doesn't have current state. The last sentence of paragraph 2 in the intro is dominated by the resend phrase. Again the third paragraph talks about resending (not just sending the first time), then finally mentions "might be offline at the time".

I think these are two separable problems. The solution to having to keep state for resends is to fix external commit handling of proposals. The solution to "I want to delete state NOW NOW NOW even though I am offline", is a motivation for intents.

In the MIMI model, a removed participant also needs to propose removing itself from the participant list. How would this be handled?

Thanks,
-rohan

On Mon, Nov 3, 2025 at 5:06 AM Konrad Kohbrok <konrad.kohbrok@datashrine.de> wrote:

> Glad to hear that you found it easy to understand. Although maybe your question implies that it wasn’t so easy to understand? I’m not sure.
>
> I’m not sure I understand the problem about retention of keying material. Sure, sending the intent doesn’t ensure that the client is immediately removed, but that is transparent to everyone in the group. Yes, the idea is that after sending the intent, someone else at some point creates a proposal and commits it. That could be an external sender like the DS. And I am totally in favour of external committers getting all pending proposals. Maybe you could give an example scenario where the problem occurs?
>
> The point of the intent is that it can be created offline, i.e. even if the sender doesn’t have an up-to-date group state. The main feature is that it acts as a SelfRemove proposal that is decoupled from the current group state, but instead is bound to the state of the leaf. As such, it’s orthogonal to the handling of proposals by external joiners.
>
> Konrad
>
> > On 3. Nov 2025, at 10:23, Rohan Mahy <rohan.mahy@gmail.com> wrote:
> >
> > Hi,
> > First, this document was easy to understand.
> >
> > While addressing the problem of clients having to manage state for their own removal, this seems to just sweep under the rug the problem that under some circumstances†, a client could have valid keying information for several future epochs after another of its clients sent an intent for all the user's clients to leave. Why not just make external committers get all pending proposals and be done with it? That would assure deletion during the next epoch transition. Is there a benefit I am overlooking?
> >
> > Next, I think we are overusing WireFormats. I think if we implement intents, we really want a new content type that reuses PrivateMessage, SemiPrivateMessage, or PublicMessage, but has an `intents` ContentType which shares the handshake ratchet with commit and proposal.
> >
> > Thanks,
> > -rohan
> >
> > †in the face of a bunch of external commits coming quickly (ex: a burst of join activity)
> > _______________________________________________
> > MLS mailing list -- mls@ietf.org
> > To unsubscribe send an email to mls-leave@ietf.org