Re: [MLS] AEAD data in messages

Peter Slatala <psla@google.com> Tue, 13 August 2019 14:13 UTC

Return-Path: <psla@google.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 609101201E4 for <mls@ietfa.amsl.com>; Tue, 13 Aug 2019 07:13:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JcHUAEFLhSLz for <mls@ietfa.amsl.com>; Tue, 13 Aug 2019 07:13:51 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D6F61201DE for <mls@ietf.org>; Tue, 13 Aug 2019 07:13:51 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id d17so27501650qtj.8 for <mls@ietf.org>; Tue, 13 Aug 2019 07:13:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S1OftiizSMqrS3USoEHqWw56yKZN9oFc9qactPS0WGU=; b=YabdANvKuj197D2BbHjPu6zoxZVCwxVytm8/6CQR9W5NhjUuahee/oYGu4P4r+5yLZ 1x9dwVef3SJorrq3otIPvfqfI2uWhLRtPXNfkLJsC5SXSV3aRsU06H1481RjRVjftF0H PFUMgWKsKLMScb9WlR+G7SmOWPLA0+SkBX6NDLeIUgnFOUppN6jFdVIY6iYqv+Xe4pbf 4lr8QHeWkjXRHaWHBPt6O5tVIy/Ah3AYkoXiXzLpgf3JoHNOrCpRFkHQDvj2LIBPZflv ExspL3bX5dEJc3kingUNjGgbCi8cB9B9e9Y2TFVwS9dA4+3hIZGTtnuC0ad6Jhxx5WFD a/+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S1OftiizSMqrS3USoEHqWw56yKZN9oFc9qactPS0WGU=; b=psqBq6UIOohxYvmkcmcVYvlMBQg8SkJscAbPdjkb6u7YnGvDoSChY7WM2PI4m/gwvk boUEdAWj3uKESp2X17LiVaeBMF78PaZcPbeIUJyTITmudlHNIlQqaR0tIeaw+kGds6fU TCZDiW0iPmQUmZO7vonlNRoRxGrE3umwMx9PSqOVcceQgJ1uQuon0k5fKSL22upv9NtO TFB34NgVFUxXC7fhWmiWAb2tAHSoN4RSSzWMojTGCRB3KZI0XI+F5FaLA8TzcjMkIwkb V97ModHpwOk85Xzrw57JTczolTk60mwkNf4SzX4CboNcFHUnH1T5Os2f4zvyQzS3V+vi jYjQ==
X-Gm-Message-State: APjAAAUv79jablDcwN19ZB/U0Z2EnHAAWzji464nJvavUOaqddiT2C4l /LBrdZN3u/VEMDGeARgUiVxzeEMQrvPvtVQ7n75CN46VCoQ=
X-Google-Smtp-Source: APXvYqzJd5VNGyjvEzcGyUiLe4qiar7zZmrpCc7di/H6SIWNifMLx2ceq3jPziT0oouRsIF8eMKvP+k6G8uCHh9toLA=
X-Received: by 2002:ac8:41d1:: with SMTP id o17mr31084888qtm.383.1565705630093; Tue, 13 Aug 2019 07:13:50 -0700 (PDT)
MIME-Version: 1.0
References: <CAJ1bmRnw3WmQZstaHi2+gmA1jrQKy_A2vAk6AYVEG3QwGke7MQ@mail.gmail.com> <6A8807D1-D46F-493D-BFDD-C228D31CED2C@gnunet.org>
In-Reply-To: <6A8807D1-D46F-493D-BFDD-C228D31CED2C@gnunet.org>
From: Peter Slatala <psla@google.com>
Date: Tue, 13 Aug 2019 07:13:24 -0700
Message-ID: <CAJ1bmR=Ya_eBudpbuG0-6qq-Tz8z2H8345rNnxqSdbLGDt+W=w@mail.gmail.com>
To: Jeff Burdges <burdges@gnunet.org>
Cc: mls@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e7f3cb0590003fd6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/oNgVSe56wkDFfnJjfHXmRLyWaIU>
X-Mailman-Approved-At: Tue, 13 Aug 2019 08:29:16 -0700
Subject: Re: [MLS] AEAD data in messages
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 14:13:53 -0000

On Mon, Aug 12, 2019 at 11:24 PM Jeff Burdges <burdges@gnunet.org>; wrote:

>
>
> > On 13 Aug 2019, at 01:15, Peter Slatala <psla=2Bmls=
> 40google.com@dmarc.ietf.org>; wrote:
> > I was wondering if you considered allowing additional plaintext but
> authenticated data in MLS messages.
>
> It’d be outside the header encryption, making the AEAD would be the header
> encryption?
>
> How would the delivery service authenticate it?
>
Delivery service is often TLS encrypted so client-server connection should
be secure.


> > Here are some use-cases for MLS that I can think of:
> > * sending a 'sending device identifier' in case if delivery service
> can't differentiate different user devices from each other.
>
> I’d hope the delivery service does not care too much to which device it
> communicates.


> > * sending 'message type' that server can act upon. For example, delivery
> report sent by the recipient to the sender, which also acts as an ACK to
> the server that the message was persisted.
>
> > * authenticating message id (but make it visible to server to avoid
> redelivery),
>
> ACKs and message ids should often be done fully encrypted, but yeah making
> one ACK or message id notify both the delivery service and the end user
> makes sense in some use cases.
>
> Jeff
>
>
>