Re: [MLS] [Mls] Comments on Charter
Richard Barnes <rlb@ipv.sx> Tue, 13 March 2018 15:58 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E78A9127241 for <mls@ietfa.amsl.com>; Tue, 13 Mar 2018 08:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PXkhN0VI93xK for <mls@ietfa.amsl.com>; Tue, 13 Mar 2018 08:58:03 -0700 (PDT)
Received: from mail-wr0-x22e.google.com (mail-wr0-x22e.google.com [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 944AD126DC2 for <mls@ietf.org>; Tue, 13 Mar 2018 08:57:39 -0700 (PDT)
Received: by mail-wr0-x22e.google.com with SMTP id l8so281123wrg.5 for <mls@ietf.org>; Tue, 13 Mar 2018 08:57:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kr+Vmv7cCYWL5xYo0bqHxHeb9zCSxj4WIDBNm4X5JS0=; b=BWI2ji0Af9TLAg6T25xrv7C35BHUn4Lkz1frSeDcCKqnIm7lTrOtbtJsd6EHS9auis DFHGPigSJ+xqZtGF42myWDJrFkqSa+pREnQ7dCfbizDi5oSPPusrFcpakMXveJQIVCwi U5uGM8jWenowg0pZtaBGJpaqTZlrqLaR44rX8tvh+18aH4n7ENNFnIyzKdUoEMWkDgJF HsaCV0igOBAXcYxJyVheDiMk/DT4nxyrC1i1H3TeKZoffy/wMLHSofiYVGmGr/1IDno6 rWMG/uqHU+lUaWRLCeTu7q8IZU+lZFTdMMeteLH8TWGsU+NgeOIDBiFc7TJKZgSJah1i X+Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kr+Vmv7cCYWL5xYo0bqHxHeb9zCSxj4WIDBNm4X5JS0=; b=FV5ChuUE4lThdHPfftnh1jSFfs9cGXdiS54/OgwsO24RHOPLEP12c+w/OIuqp+ImQn YonwzpfM0J0nY+m6ccQST/Bkq8CQbXHLi0p9UpleeSQX12O8Hr99oVnW5KSthy9QsIYj 2WUQW8tkEx4htBsbKqlPfuJR0qjdGbPX65/e3ICsx+5UMllX/AgrRudb5jf5lFC/9t7N Km9JZs7weVb5da7/IOAbrJplV4h3vGbo9ZUqmn+y2zywEBf1ZOClfLbHZf5X1ASxqBYe Xt+LKNs+fi1DTderzO+QBiEt0PNUEnG8Sr2w25NxAIbamgFnAir67+Fd68iZBBLqXhDz aoEA==
X-Gm-Message-State: AElRT7GVevUhevgt+BMxnp34fFL1Dunw26Qbpv7PQQ2VmFj5Y2yta9KM mgQzvZCqYZTaLS/CIizviFJ+mzUJz4Pc/ClOI5CSu4fz0ws=
X-Google-Smtp-Source: AG47ELvLvLOj48Xxg563YmysOkJUr50DfKgc0muiPgn4P4OVEWw+h5wtbp6TIM9tsnFOqm20Yzw++qjq0yjbePyGOM8=
X-Received: by 10.223.171.167 with SMTP id s36mr1040554wrc.52.1520956657919; Tue, 13 Mar 2018 08:57:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.28.12.140 with HTTP; Tue, 13 Mar 2018 08:57:37 -0700 (PDT)
In-Reply-To: <c2f13ed7-7acc-85c6-607a-aba7f950dce6@a-oben.org>
References: <c2f13ed7-7acc-85c6-607a-aba7f950dce6@a-oben.org>
From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 13 Mar 2018 11:57:37 -0400
Message-ID: <CAL02cgQhuSN=b3wZMdNOYE5pZv8WOt1HM1Qcobi3QcFi9WrcVw@mail.gmail.com>
To: Simon Friedberger <simon.cfrg@a-oben.org>
Cc: mls@ietf.org
Content-Type: multipart/alternative; boundary="001a113b37b6507e8c05674d5121"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/qjSUHXSvBgI8IWuFa9bTDd3VCig>
Subject: Re: [MLS] [Mls] Comments on Charter
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 15:58:18 -0000
Hey Simon, Thanks for the comments, sorry for the delay. On Tue, Feb 6, 2018 at 7:11 AM, Simon Friedberger <simon.cfrg@a-oben.org> wrote: > 1. I think key transparency should be mentioned. Key distribution is a > huge semi-solved problem and leaving it out is not really an option. It > seriously degrades security for the average user who does not validate > keys. > Obviously, I agree that authentication is very important, but from what I've heard talking to people, there's not energy to do KT right now. What we can do now is make sure there's a slot to put a credential in, so that we can leverage things like PKI that provide some benefit over manual key comparison, and later on we can recharter to work on KT if there's interest. To clarify this, I added the following para: """ While authentication is a key goal of this working group, it is not the objective of this working group to new authentication technologies. Rather, the security protocol developed by this group will provide a way to leverage existing authentication technologies to associate identities with keys used in the protocol, just as TLS does with X.509. """ > 2. Federation (for example like in XMPP, where many people run their own > servers just like for e-mail) probably doesn't require anything specific > but it should be discussed to make sure that it works. It would also be > good to take this into account when discussing authentication and key > transparency to make sure it is clear which guarantees hold for people > on other servers. I think it doesn't necessarily have to be in the > charter but should be in any final proposal. > I think the critical thing to test / validate is that we have interoperability at the level of the specification of the protocol. Just like BoringSSL and NSS interoperate at the level of TLS, but don't assure interoperability of HTTP running over them, we should be aiming for a security protocol that's interoperable between independent implementations, but not worried about interoperability of the rest of the stack. I did make the following tweak to the charter language, though: "to enable interoperability" -> "to enable interoperability / federation" > > > Best Regards, > > Simon > > _______________________________________________ > MLS mailing list > MLS@ietf.org > https://www.ietf.org/mailman/listinfo/mls >
- [Mls] Comments on Charter Simon Friedberger
- Re: [MLS] [Mls] Comments on Charter Richard Barnes
- Re: [MLS] [Mls] Comments on Charter Eric Rescorla
- Re: [MLS] [Mls] Comments on Charter Richard Barnes