Re: [MLS] [Mls] Comments on Charter

Richard Barnes <> Tue, 13 March 2018 15:58 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E78A9127241 for <>; Tue, 13 Mar 2018 08:58:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PXkhN0VI93xK for <>; Tue, 13 Mar 2018 08:58:03 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c0c::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 944AD126DC2 for <>; Tue, 13 Mar 2018 08:57:39 -0700 (PDT)
Received: by with SMTP id l8so281123wrg.5 for <>; Tue, 13 Mar 2018 08:57:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=kr+Vmv7cCYWL5xYo0bqHxHeb9zCSxj4WIDBNm4X5JS0=; b=BWI2ji0Af9TLAg6T25xrv7C35BHUn4Lkz1frSeDcCKqnIm7lTrOtbtJsd6EHS9auis DFHGPigSJ+xqZtGF42myWDJrFkqSa+pREnQ7dCfbizDi5oSPPusrFcpakMXveJQIVCwi U5uGM8jWenowg0pZtaBGJpaqTZlrqLaR44rX8tvh+18aH4n7ENNFnIyzKdUoEMWkDgJF HsaCV0igOBAXcYxJyVheDiMk/DT4nxyrC1i1H3TeKZoffy/wMLHSofiYVGmGr/1IDno6 rWMG/uqHU+lUaWRLCeTu7q8IZU+lZFTdMMeteLH8TWGsU+NgeOIDBiFc7TJKZgSJah1i X+Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=kr+Vmv7cCYWL5xYo0bqHxHeb9zCSxj4WIDBNm4X5JS0=; b=FV5ChuUE4lThdHPfftnh1jSFfs9cGXdiS54/OgwsO24RHOPLEP12c+w/OIuqp+ImQn YonwzpfM0J0nY+m6ccQST/Bkq8CQbXHLi0p9UpleeSQX12O8Hr99oVnW5KSthy9QsIYj 2WUQW8tkEx4htBsbKqlPfuJR0qjdGbPX65/e3ICsx+5UMllX/AgrRudb5jf5lFC/9t7N Km9JZs7weVb5da7/IOAbrJplV4h3vGbo9ZUqmn+y2zywEBf1ZOClfLbHZf5X1ASxqBYe Xt+LKNs+fi1DTderzO+QBiEt0PNUEnG8Sr2w25NxAIbamgFnAir67+Fd68iZBBLqXhDz aoEA==
X-Gm-Message-State: AElRT7GVevUhevgt+BMxnp34fFL1Dunw26Qbpv7PQQ2VmFj5Y2yta9KM mgQzvZCqYZTaLS/CIizviFJ+mzUJz4Pc/ClOI5CSu4fz0ws=
X-Google-Smtp-Source: AG47ELvLvLOj48Xxg563YmysOkJUr50DfKgc0muiPgn4P4OVEWw+h5wtbp6TIM9tsnFOqm20Yzw++qjq0yjbePyGOM8=
X-Received: by with SMTP id s36mr1040554wrc.52.1520956657919; Tue, 13 Mar 2018 08:57:37 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 13 Mar 2018 08:57:37 -0700 (PDT)
In-Reply-To: <>
References: <>
From: Richard Barnes <>
Date: Tue, 13 Mar 2018 11:57:37 -0400
Message-ID: <>
To: Simon Friedberger <>
Content-Type: multipart/alternative; boundary="001a113b37b6507e8c05674d5121"
Archived-At: <>
Subject: Re: [MLS] [Mls] Comments on Charter
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Messaging Layer Security <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 13 Mar 2018 15:58:18 -0000

Hey Simon,

Thanks for the comments, sorry for the delay.

On Tue, Feb 6, 2018 at 7:11 AM, Simon Friedberger <>

> 1. I think key transparency should be mentioned. Key distribution is a
> huge semi-solved problem and leaving it out is not really an option. It
> seriously degrades security for the average user who does not validate
> keys.

Obviously, I agree that authentication is very important, but from what
I've heard talking to people, there's not energy to do KT right now.  What
we can do now is make sure there's a slot to put a credential in, so that
we can leverage things like PKI that provide some benefit over manual key
comparison, and later on we can recharter to work on KT if there's interest.

To clarify this, I added the following para:

While authentication is a key goal of this working group, it is not the
objective of this working group to new authentication technologies.
Rather, the security protocol developed by this group will provide a way to
leverage existing authentication technologies to associate identities with
keys used in the protocol, just as TLS does with X.509.

> 2. Federation (for example like in XMPP, where many people run their own
> servers just like for e-mail) probably doesn't require anything specific
> but it should be discussed to make sure that it works. It would also be
> good to take this into account when discussing authentication and key
> transparency to make sure it is clear which guarantees hold for people
> on other servers. I think it doesn't necessarily have to be in the
> charter but should be in any final proposal.

I think the critical thing to test / validate is that we have
interoperability at the level of the specification of the protocol.  Just
like BoringSSL and NSS interoperate at the level of TLS, but don't assure
interoperability of HTTP running over them, we should be aiming for a
security protocol that's interoperable between independent implementations,
but not worried about interoperability of the rest of the stack.

I did make the following tweak to the charter language, though:

"to enable interoperability" -> "to enable interoperability / federation"

> Best Regards,
> Simon
> _______________________________________________
> MLS mailing list