Re: [MLS] multiple devices per user?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 25 March 2018 13:28 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6FE11250B8 for <mls@ietfa.amsl.com>; Sun, 25 Mar 2018 06:28:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nWI4JObONN1A for <mls@ietfa.amsl.com>; Sun, 25 Mar 2018 06:28:44 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 750E51205D3 for <mls@ietf.org>; Sun, 25 Mar 2018 06:28:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 0F0B8BE58; Sun, 25 Mar 2018 14:28:42 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A7gcLmOEuhV7; Sun, 25 Mar 2018 14:28:41 +0100 (IST)
Received: from [10.244.2.138] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id CABEBBE38; Sun, 25 Mar 2018 14:28:40 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1521984520; bh=1nveLD4RsFat0jrqgORGfVz1ZINj1a/QBTGN6CxgLSM=; h=Subject:To:References:From:Date:In-Reply-To:From; b=rzlUszveoFcyhaMW3NvObzFkryh8wJxF7HpMXChStQL+7/RHjRxMfVuaIdzvgYh+B Ivo9as6eQ8P/Kjkr60cjHqrZireBt/R33kA7QwhiwJZBtMxJci949ZaBNvUYFtm3p7 +AvEvMaylOzcXjJINg6/STnNbzh3oy7oxaLeAOuA=
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, mls@ietf.org
References: <87efk9m7e9.fsf@fifthhorseman.net>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=5BB5A6EA5765D2C5863CAE275AB2FAF17B172BEA; url=
Message-ID: <96e05d98-850c-68ce-403f-7320135761f8@cs.tcd.ie>
Date: Sun, 25 Mar 2018 14:28:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <87efk9m7e9.fsf@fifthhorseman.net>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="D25udf2aAGFz6jZxoCCopatKfkfHSqMQr"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/mRAU6Ydar4fjWJo4Q9m5uDsK_hU>
Subject: Re: [MLS] multiple devices per user?
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2018 13:28:47 -0000

Hiya,

On 24/03/18 22:32, Daniel Kahn Gillmor wrote:
> 
> Wouldn't it be safer and simpler to assume a design that insists on
> single-key-per-user, and hide multi-device private-key-synchronization
> from the other participants in the group chat?

Speaking as a user and teeny-weeny service operator (most
recently of the riot/matrix variety), but not as an implementer:-

- I've no problem with device specifics being visible to the
small groups of which I'm a member or that I support.

- I would prefer that device specific details not be visible
in larger settings, e.g. were I a member of a group with ~100
members or more say, or if using some federation scheme, where
I won't necessarily know group sizes or memberships.

- I understand that it might be simpler to treat each device
independently within MLS, but would be happier if the WG spent
a bit of time considering whether it is possible to do better
and provide a way for applications to hide device specifics if
that makes sense to the application.

Cheers,
S.