Re: [MLS] Fwd: New Version Notification for draft-kiefer-mls-light-00.txt
Brendan McMillion <brendanmcmillion@gmail.com> Sat, 09 March 2024 23:36 UTC
Return-Path: <brendanmcmillion@gmail.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC43EC14F704 for <mls@ietfa.amsl.com>; Sat, 9 Mar 2024 15:36:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxWb-ZUJZZqm for <mls@ietfa.amsl.com>; Sat, 9 Mar 2024 15:36:41 -0800 (PST)
Received: from mail-ua1-x935.google.com (mail-ua1-x935.google.com [IPv6:2607:f8b0:4864:20::935]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CA68C14F703 for <mls@ietf.org>; Sat, 9 Mar 2024 15:36:41 -0800 (PST)
Received: by mail-ua1-x935.google.com with SMTP id a1e0cc1a2514c-7ce4512d308so1900571241.1 for <mls@ietf.org>; Sat, 09 Mar 2024 15:36:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710027400; x=1710632200; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=e/BArUYRR7xuHznWNrB1qzHKAJIt1cVy7NNBasyU5WY=; b=YpmJ7Kqi8JwEKlaSN6zpOilP0LfbUIsQgWs0p4N8GQARAca63DIt6RT8K3dQqDPRfM z3/s/MTWCmsIb1KEBnrdoEPyTEtSYfmK07V9VJ3b7cPZHGV1EBwu0HivABr5eI+B6hsv 7UpwkIn2H1wvziML1Zqfv52ETBIzoUQO0GdSZ5a5qhpucoA/mjfuVLkum02u+lx21EXF 70CFh1UjDdCW6sZSrsfXmPswAU04p1JK7d7P7lGLvcmLtIiobL24LyzI0En3ky6kHgXY IgpI0dvad5iPXDIcSJUUJWn1uJ26ZERc7ZXECnzjW2ZSXS6S0bUllIYe+ulMp99d/Xgg xgRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710027400; x=1710632200; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=e/BArUYRR7xuHznWNrB1qzHKAJIt1cVy7NNBasyU5WY=; b=PD/pYHlkDpky35KaGnA0tdCpquzPIxFMcEcTj8WoY2tSEd7AGiSPEWZ9d9P2v3dDkq VzrvZDScjdnfcERvAJqoLl2HoyRvjSH4/Xb+1p1AKdEfYtku+3QYW++j2whk0WzRpj1C yD10s0+L7fnCphU/Y/ulmCiHbIByojJgAakoYTJJMJ0EZ2EITrmLNoezc0HQjTfCp7so h9Q+koYtW3ZsPllbgjFjufJUd4fdPD0a+QDZ0GThy92uxmheGM/ra88X8YbOmbnDOfZH HFURRhE/kNV3Q3o5GhTpvN/Lg8SSTX0EcLaW9Mxqi0UH/JcTn/wEvcg75Vy5s4wpHqcW Pq5g==
X-Gm-Message-State: AOJu0YzRz87b/1nKeAizdDn14Zap3Z+2CNP6hJG72SDoYHiboEweFBNv 8LWounwdXQjtQdC8XodfUA6MmMJPaP/QTEFAyeCLSVq/Soe/6epNXXcfCCN1CJSYxhJ944FR8t8 ISDBkXr0QkUXxHj06w8RyY5PI+zgIhXLWwOY=
X-Google-Smtp-Source: AGHT+IHjik6izKBxH0nJplURx9d+RWhHS8vUoc7raLixELsbTCrxUIvp1wQvg3TjSDFNW88BJxuTQBTxjTgXaIRGRDc=
X-Received: by 2002:a67:be08:0:b0:473:159b:6d42 with SMTP id x8-20020a67be08000000b00473159b6d42mr2885452vsq.6.1710027400048; Sat, 09 Mar 2024 15:36:40 -0800 (PST)
MIME-Version: 1.0
References: <170958195527.7571.12950762635820029968@ietfa.amsl.com> <CAL02cgTDT+LhBEF6+sm=jw8hJxHs0sGE0iqw0OSQOPSVQ1cwYQ@mail.gmail.com>
In-Reply-To: <CAL02cgTDT+LhBEF6+sm=jw8hJxHs0sGE0iqw0OSQOPSVQ1cwYQ@mail.gmail.com>
From: Brendan McMillion <brendanmcmillion@gmail.com>
Date: Sat, 09 Mar 2024 15:36:29 -0800
Message-ID: <CAJTd26+f_8Bsmx7sMyO-TvfhsreVv8c63nkf=2iQc5m6XoqXPw@mail.gmail.com>
To: Richard Barnes <rlb@ipv.sx>
Cc: Messaging Layer Security WG <mls@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000bc7e6f061342c777"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/lPEEZ8CdUyEKI2ouJdgKDr1giG4>
Subject: Re: [MLS] Fwd: New Version Notification for draft-kiefer-mls-light-00.txt
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Mar 2024 23:36:42 -0000
Hi Richard, below are some notes I had while reading # 6. Tree Slices This section mentions that parent hashes are verified in TreeSlices. I believe the parent hash construction only provides security if all of the parent hashes can be verified at once. But this may not be an issue as long as light clients don't indicate that someone is a member of a group until they've actually received a message from that person. In which case, parent hashes could just be ignored. # 7. Light MLS The tree_info and light_path_secret extensions are not registered in section 11.2. I'm also confused how light_path_secret could be an extension of GroupInfo, if GroupInfo is signed by the group member, but LightCommit is constructed by the DS specifically for one user? # 7.1.2. Processing a Light Commit Why do you send LightCommits with a broken signature, instead of using a preconfigured external sender belonging to the DS? # 7.2. Light MLS Extension What is the purpose of specifying the upgrade modes? Is there a problem with allowing clients to upgrade/downgrade as they please? Also I don't think LightMlsExtension needs to be in `required_capabilities`, given that it is already in the GroupContext. On Mon, Mar 4, 2024 at 11:59 AM Richard Barnes <rlb@ipv.sx> wrote: > Hi MLS folks, > > A few of us have been discussing how we can make MLS faster and easier for > lightweight clients, or normal clients participating in giant groups. This > draft captures an initial proposal in that direction. > > The core idea is to trade off authentication for speed: Allow clients to > join a group and participate without downloading and validating the ratchet > tree. Obviously, such a client won't know the entire membership of the > group, and they won't be able to commit. But as long as they know the tree > hash, they can validate log-sized proofs of membership for any given member > (e.g., themselves or the member who added them). And with a little help > from the DS, they can process Commits and keep up with the group. > > This obviously makes some interesting changes from a security analysis > point of view. In addition to the authentication changes noted above, > allowing light clients to process Commits requires some changes to Commit > validation. Karthik and Franziskus have already done some modeling on > this, and there are some notes in the document. > > Feedback very much welcome, happy to discuss here or in Brisbane! > > Best, > --Richard > > > ---------- Forwarded message --------- > From: <internet-drafts@ietf.org> > Date: Mon, Mar 4, 2024 at 2:52 PM > Subject: New Version Notification for draft-kiefer-mls-light-00.txt > To: Richard L. Barnes <rlb@ipv.sx>, Joël Alwen <alwenjo@amazon.com>, > Franziskus Kiefer <franziskuskiefer@gmail.com>, Karthikeyan Bhargavan < > karthik.bhargavan@gmail.com>, Marta Mularczyk <mulmarta@amazon.ch> > > > A new version of Internet-Draft draft-kiefer-mls-light-00.txt has been > successfully submitted by Richard L. Barnes and posted to the > IETF repository. > > Name: draft-kiefer-mls-light > Revision: 00 > Title: Light Clients for MLS > Date: 2024-03-04 > Group: Individual Submission > Pages: 17 > URL: https://www.ietf.org/archive/id/draft-kiefer-mls-light-00.txt > Status: https://datatracker.ietf.org/doc/draft-kiefer-mls-light/ > HTML: https://www.ietf.org/archive/id/draft-kiefer-mls-light-00.html > HTMLized: https://datatracker.ietf.org/doc/html/draft-kiefer-mls-light > > > Abstract: > > The Messaging Layer Security (MLS) protocol provides efficient > asynchronous group key establishment for large groups with up to > thousands of clients. In MLS, any member can commit a change to the > group, and consequently, all members must download, validate, and > maintain the full group state which can incur a significant > communication and computational cost, especially when joining a > group. > > This document defines Light MLS, an extension that allows for "light > clients". A light client cannot commit changes to the group, and > only has partial authentication information for the other members of > the group, but is otherwise able to participate in the group. In > exchange for these limitations, a light client can participate in an > MLS group with significantly lower requirements in terms of download, > memory, and processing. > > > > The IETF Secretariat > > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls >
- [MLS] Fwd: New Version Notification for draft-kie… Richard Barnes
- Re: [MLS] Fwd: New Version Notification for draft… Brendan McMillion