[MLS] Re: Comments on Leaf Operation Intents
Konrad Kohbrok <konrad.kohbrok@datashrine.de> Mon, 03 November 2025 10:06 UTC
Return-Path: <konrad.kohbrok@datashrine.de>
X-Original-To: mls@mail2.ietf.org
Delivered-To: mls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EBCE68147C00 for <mls@mail2.ietf.org>; Mon, 3 Nov 2025 02:06:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.801
X-Spam-Level:
X-Spam-Status: No, score=-2.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=datashrine.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eQwuEgm3ZaAl for <mls@mail2.ietf.org>; Mon, 3 Nov 2025 02:06:52 -0800 (PST)
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [IPv6:2001:67c:2050:0:465::101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 5FD188147BF8 for <mls@ietf.org>; Mon, 3 Nov 2025 02:06:52 -0800 (PST)
Received: from smtp102.mailbox.org (smtp102.mailbox.org [IPv6:2001:67c:2050:b231:465::102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4d0S0y4sxQz9sqs; Mon, 3 Nov 2025 11:06:42 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datashrine.de; s=MBO0001; t=1762164402; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8asT6NvY4atPZx/nxeiZbQYorvWxueFutpBxzF90gdw=; b=S/m9xHVmnZqkw6irAq+QZoSzggHBetZl1nU1FuNVEDvwuvVJF3SFmqis/wunm8DZMAbifo vTF8cXk3xXDGre4KlN9210+2NSPAtcwVLcfqAjobgaaacgHzPIy70m12ndBbQR9Ev4TVFh qat5wtjI9/Gf3MPRkf6sEd18QeIvBVFD4jaXj/gysh2qryS2aeUAhHjTIoIhWcywNtL48j ampNDht474dAypCPK63vWZRv1zzHiZZSMqQU8dndOZHl8Nf1wtyqpG/UQ5ronlLbiMDNbd 5UroveI/LN6kUYpI07hVUMhwbgkqB4YbaH9NDKgjmolcvFU1q8f+qcOwCBO8wg==
Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of konrad.kohbrok@datashrine.de designates 2001:67c:2050:b231:465::102 as permitted sender) smtp.mailfrom=konrad.kohbrok@datashrine.de
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0
From: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
In-Reply-To: <CAKoiRuagUE45Jn4WaJRFAMRjExyjU5f1rend2t7G__2tTMiVyw@mail.gmail.com>
Date: Mon, 03 Nov 2025 11:06:31 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <B4A20367-CEBF-4C90-961D-88FDCA83587A@datashrine.de>
References: <CAKoiRuagUE45Jn4WaJRFAMRjExyjU5f1rend2t7G__2tTMiVyw@mail.gmail.com>
To: Rohan Mahy <rohan.mahy@gmail.com>
X-Rspamd-Queue-Id: 4d0S0y4sxQz9sqs
Message-ID-Hash: F27Z62JOJSQ6BOO2U4CDZG4XHLBBZE5O
X-Message-ID-Hash: F27Z62JOJSQ6BOO2U4CDZG4XHLBBZE5O
X-MailFrom: konrad.kohbrok@datashrine.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-mls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: MLS List <mls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [MLS] Re: Comments on Leaf Operation Intents
List-Id: Messaging Layer Security <mls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/lMxqiiJu4nmIX9T5jlKF_8jsdOE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Owner: <mailto:mls-owner@ietf.org>
List-Post: <mailto:mls@ietf.org>
List-Subscribe: <mailto:mls-join@ietf.org>
List-Unsubscribe: <mailto:mls-leave@ietf.org>
Glad to hear that you found it easy to understand. Although maybe your question implies that it wasn’t so easy to understand? I’m not sure. I’m not sure I understand the problem about retention of keying material. Sure, sending the intent doesn’t ensure that the client is immediately removed, but that is transparent to everyone in the group. Yes, the idea is that after sending the intent, someone else at some point creates a proposal and commits it. That could be an external sender like the DS. And I am totally in favour of external committers getting all pending proposals. Maybe you could give an example scenario where the problem occurs? The point of the intent is that it can be created offline, i.e. even if the sender doesn’t have an up-to-date group state. The main feature is that it acts as a SelfRemove proposal that is decoupled from the current group state, but instead is bound to the state of the leaf. As such, it’s orthogonal to the handling of proposals by external joiners. Konrad > On 3. Nov 2025, at 10:23, Rohan Mahy <rohan.mahy@gmail.com> wrote: > > Hi, > First, this document was easy to understand. > > While addressing the problem of clients having to manage state for their own removal, this seems to just sweeps under the rug the problem that under some circumstances†, a client could have valid keying information for several future epochs after another of its clients sent an intent for all the user's clients to leave. Why not just make external committers get all pending proposals and be done with it? That would assure deletion during the next epoch transition. Is there a benefit I am overlooking? > > Next, I think we are overusing WireFormats. I think if we implement intents, we really want a new content type that reuses PrivateMessage, SemiPrivateMessage, or PublicMessage, but has an `intents` ContentType which shares the handshake ratchet with commit and proposal. > > Thanks, > -rohan > > †in the face of a bunch of external commits coming quickly (ex: a burst of join activity) > _______________________________________________ > MLS mailing list -- mls@ietf.org > To unsubscribe send an email to mls-leave@ietf.org
- [MLS] Comments on Leaf Operation Intents Rohan Mahy
- [MLS] Re: Comments on Leaf Operation Intents Konrad Kohbrok
- [MLS] Re: Comments on Leaf Operation Intents Rohan Mahy
- [MLS] Re: Comments on Leaf Operation Intents Konrad Kohbrok