[MLS] MLS Virtual Clients (subgroups/user-groups) and Paired MLS

Konrad Kohbrok <konrad.kohbrok@datashrine.de> Thu, 14 December 2023 16:30 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/phsCNPSovw6nXcNNLdNMKlzrH3I>

Hi everyone,

Today two drafts have been published that relate to two individual topics that we have discussed over the past interims: Subgroups (also called user-groups) and MLS pairing (also called guardianship).

The virtual clients (or subgroups) draft (https://datatracker.ietf.org/doc/draft-kohbrok-mls-virtual-clients/) describes how multiple clients can collaborate in emulating a virtual client by forming a subgroup underneath a leaf in one or more MLS groups. This can be used, for example, to allow a user’s devices to share membership in one or more groups, or generally to model any hierarchical structure using MLS groups. While this introduces some complexity, it also brings performance benefits, as trees generally shrink and updates in a subgroup can be re-used across multiple higher-level groups.

The Paired MLS draft (https://datatracker.ietf.org/doc/html/draft-fondevik-mls-pairedmls) allows two MLS clients to pair up, following the protocol described here: https://eprint.iacr.org/2023/1761. Paired-up devices share a randomness source, thus allowing one client to issue PCS updates for the other. This allows a client with more resources to take load off of another, weaker client. This is achieved by the two clients sharing an “anchor”, i.e. a single leaf in one or more MLS groups.

As you may have noticed, the “anchor” concept in Paired MLS is conceptually the same as that of subgroups, which is why we wanted to jointly announce them to the WG.

We are confident that both documents are of interest to the WG and are looking forward to feedback and discussions on the list and in the next interims.

Both documents are still works in progress. In particular, we’re still in the process of lining up terminology, but we’re confident that they are mature enough to open up the discussion.

Cheers,
Konrad