[MLS] Purpose of path_secret in the Welcome message?

Théophile Wallez <theophile.wallez@inria.fr> Thu, 22 April 2021 11:49 UTC

Return-Path: <theophile.wallez@inria.fr>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 138793A147B for <mls@ietfa.amsl.com>; Thu, 22 Apr 2021 04:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id oOK9O80QKtDW for <mls@ietfa.amsl.com>; Thu, 22 Apr 2021 04:49:20 -0700 (PDT)
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1BDF3A147A for <mls@ietf.org>; Thu, 22 Apr 2021 04:49:19 -0700 (PDT)
IronPort-HdrOrdr: =?us-ascii?q?A9a23=3AOb5WrK1WUOAde8j1yXgXRgqjBHokLtp033Aq?= =?us-ascii?q?2lEZdDV+dMuEm8ey2MkKzBOcskdzZFgMkc2NUZPwJE/02oVy5eAqU4uKeCnDlC?= =?us-ascii?q?+WIJp57Y3kqgeBJwTb+vRG3altN4hyYeeAb2RStsrx7AmmH9tI+rDum8qVrNzT?= =?us-ascii?q?1nJ8CTxtApsA0y5CFg2ZHkdqLTMrObMFEvOni/Zvln6FcXQTYt/TPBY4Y9Q=3D?=
X-IronPort-AV: E=Sophos;i="5.82,242,1613430000"; d="scan'208";a="504493928"
Received: from unknown (HELO []) ([]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384; 22 Apr 2021 13:49:15 +0200
To: mls@ietf.org
From: =?UTF-8?Q?Th=c3=a9ophile_Wallez?= <theophile.wallez@inria.fr>
Message-ID: <894d5000-fa72-ad62-d5d4-e5e7ad01a3f7@inria.fr>
Date: Thu, 22 Apr 2021 13:49:14 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/w0V_EDDiowbFwfvY9Kcgpmgq_0E>
Subject: [MLS] Purpose of path_secret in the Welcome message?
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2021 11:49:22 -0000


I am a PhD student currently writing a formalization of MLS, and I was 
wondering about the use of the `path_secret` field in `GroupSecrets`.
To communicate with the group during the current epoch, it is sufficient 
to know `joiner_secret`.
Also, thanks to the concept of unmerged leaves, a newly added leaf don't 
need to know any path secret to handle an UpdatePath: knowing a path 
secret early would simply result in the fact that the leaf could decrypt 
two different `encrypted_path_secret` in `UpdatePathNode`, which does 
not seem useful.

Can someone give me some intuition for when and why this optional 
`path_secret` is used?