[MLS] Welcome Message Extensibility

Konrad Kohbrok <konrad.kohbrok@datashrine.de> Sun, 06 September 2020 07:04 UTC

Return-Path: <konrad.kohbrok@datashrine.de>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 75D463A0BF0 for <mls@ietfa.amsl.com>; Sun, 6 Sep 2020 00:04:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id sE9laVt3aR7U for <mls@ietfa.amsl.com>; Sun, 6 Sep 2020 00:04:48 -0700 (PDT)
Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org []) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0B3A3A0C1F for <mls@ietf.org>; Sun, 6 Sep 2020 00:04:48 -0700 (PDT)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:105:465:1:1:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4Bkj8Y6VzHzQlFT for <mls@ietf.org>; Sun, 6 Sep 2020 09:04:45 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([]) by spamfilter02.heinlein-hosting.de (spamfilter02.heinlein-hosting.de []) (amavisd-new, port 10030) with ESMTP id jYCd6HxwD2jo for <mls@ietf.org>; Sun, 6 Sep 2020 09:04:43 +0200 (CEST)
To: mls@ietf.org
From: Konrad Kohbrok <konrad.kohbrok@datashrine.de>
Message-ID: <8ec775c3-c014-6b89-9983-f7639f4705a2@datashrine.de>
Date: Sun, 6 Sep 2020 09:04:41 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: de-DE
Content-Transfer-Encoding: 7bit
X-Rspamd-Score: -1.57 / 15.00 / 15.00
X-Rspamd-Queue-Id: EC47826D
X-Rspamd-UID: c0922f
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/r4U5kGudRXBKjJ-AEtAbtbNobxc>
Subject: [MLS] Welcome Message Extensibility
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Sep 2020 07:04:50 -0000

Hi everyone,

While Version and CipherSuite are on the "top-level" of the Welcome message, the
extensions are buried in the GroupInfo. That makes sense, because their content
might be confidential. However, that means that at least the encryption method
of the Welcome message is not extensible.

I have no particularly strong opinion on this, but if anyone has a use case,
where an extension has to "kick-in" before Welcome message decryption, we might
want an additional extensions field on the top level of the Welcome message.
(We would have to make sure it's authenticated, of course.)