IETF Logo Mail Archive

Re: [MLS] -mls-architecture: resolving encrypted group operations

Raphael Robert <ietf@raphaelrobert.com> Thu, 14 March 2024 13:57 UTC

Return-Path: <ietf@raphaelrobert.com>
X-Original-To: mls@ietfa.amsl.com
Delivered-To: mls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E1AC151064 for <mls@ietfa.amsl.com>; Thu, 14 Mar 2024 06:57:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=raphaelrobert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XVIUEolm3Zu1 for <mls@ietfa.amsl.com>; Thu, 14 Mar 2024 06:57:56 -0700 (PDT)
Received: from mail-ej1-x62c.google.com (mail-ej1-x62c.google.com [IPv6:2a00:1450:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0289BC151063 for <mls@ietf.org>; Thu, 14 Mar 2024 06:57:55 -0700 (PDT)
Received: by mail-ej1-x62c.google.com with SMTP id a640c23a62f3a-a45f257b81fso122428866b.0 for <mls@ietf.org>; Thu, 14 Mar 2024 06:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=raphaelrobert.com; s=rr; t=1710424674; x=1711029474; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=xoW1r1eaWmbF0N+3XV2C0VaML4ex+xXcOjdzuYypn0k=; b=In5R3mlH1yxiUZsdh3n/8XyTW2EQcK824ZWSpuU6XteSnB/5puNS9+21J7TJGHOqov 69Ys+jCOGMzBv0IMTGC0zqIWGZ3joQtT8BQ3xX6xiNRi+iIP1Np8CXhTf5CroyUPdBtC uMt/YG/XRBnvuFW55caj49HF5YgTjVpJggUas=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710424674; x=1711029474; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=xoW1r1eaWmbF0N+3XV2C0VaML4ex+xXcOjdzuYypn0k=; b=HAo/oIbkrc35rT0dUFU8Tg4U/LMjun0j+VM8KZe1W9eU+EsvyK6ZYqEBQHtZEw45FC 2MLsIasuxnken7NCQZQGWZ0XoHeiYU40FkSHOs8zUqfCXrx5LXGhu0pj6yWU3BJSpQMn wAXyQi4YBM4hxY6JzaY3gnc+oCrFRsQlWjs0d4jp49ibfdpZnh8NUhFl38nadME6rEKU kqZ9fF7uJNcGKavBjptTBDZdmgeduIjERomOxdAGCK+3sJIRtJ3wCuvK+s4Xy06qhrkx KYgcilm9hgxfatanGv+3A83XomfRZkdFea4+udfv9NUI0FwoJEVSFtRQRsOSc1AzQqmk a9Mw==
X-Forwarded-Encrypted: i=1; AJvYcCVn+TEf/IpxNpP4NOxYKz22UmD+VWretu8vD8v92LbYoUgZYyi3L2mphsNuQq2qV2/oaNM8ixzY24g+4T8=
X-Gm-Message-State: AOJu0Yx5XiKAPg9T8M0fKnYC8Ofq7eflbJK6zfsRJxadSffSvnki3Rtb NBWW5v2I0WMWzZoDv7whNb20nKlNhm2IOrmGzsjelQbOy3SCpC2r3vFtsQbZa6I=
X-Google-Smtp-Source: AGHT+IHRo/rW1EqtBLA7VcUqNxRM6QX0yaV2reluklNkRZHLHwOGUhCnOELI45fqJwSPuW0Ghfzv5A==
X-Received: by 2002:a17:907:b9d8:b0:a46:6686:6d08 with SMTP id xa24-20020a170907b9d800b00a4666866d08mr1216652ejc.74.1710424673996; Thu, 14 Mar 2024 06:57:53 -0700 (PDT)
Received: from smtpclient.apple ([2a01:599:119:70e9:585a:9263:7c68:571a]) by smtp.gmail.com with ESMTPSA id s5-20020a1709062ec500b00a4452ed413asm746331eji.16.2024.03.14.06.57.52 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Mar 2024 06:57:53 -0700 (PDT)
From: Raphael Robert <ietf@raphaelrobert.com>
Message-Id: <3B06B516-4121-4082-B9C8-7769458393BB@raphaelrobert.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_F74CCA82-5DEC-4E4F-B778-AF5E7788645A"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Thu, 14 Mar 2024 14:57:39 +0100
In-Reply-To: <CAJTd26+cARm7b2HFCbWget22eK=g6qkL_K5z=7Dm95gSuWibiQ@mail.gmail.com>
Cc: Benjamin Beurdouche <ietf@beurdouche.com>, Sean Turner <sean@sn3rd.com>, ML IETF Messaging Layer Security <mls@ietf.org>
To: Brendan McMillion <brendanmcmillion@gmail.com>
References: <E88F391B-19CF-4A54-BA4D-743B99599FFC@sn3rd.com> <B7FAB2EC-5B46-478C-92FB-E7559010EAF8@beurdouche.com> <CAJTd26+cARm7b2HFCbWget22eK=g6qkL_K5z=7Dm95gSuWibiQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.400.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/mls/zZe4l0B4UlXaW8qQWU2uFdYWv2Q>
Subject: Re: [MLS] -mls-architecture: resolving encrypted group operations
X-BeenThere: mls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Messaging Layer Security <mls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mls>, <mailto:mls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mls/>
List-Post: <mailto:mls@ietf.org>
List-Help: <mailto:mls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mls>, <mailto:mls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2024 13:57:59 -0000

Hi! As always I think privacy is terribly important and I think both PRs work towards that end. I have a slight preference for #246 because it actually recommends that “Applications that use unencrypted handshake messages may take additional steps to reduce the amount of metadata that is exposed to the intermediary”.

Raphael

> On 14. Mar 2024, at 14:14, Brendan McMillion <brendanmcmillion@gmail.com> wrote:
> 
> I have a preference for #249. The idea that we are guilting people into doing something hard or inefficient with this recommendation is not true. Deploying MLS with encrypted handshake messages is actually easier! There is less to do, fewer moving parts. Even if an application doesn't go "all the way" by providing anonymity, handshake encryption still protects metadata at-rest. And for the group sizes used by consumer-facing messengers (~1000 max), the efficiency impact is minimal.
> 
> On Thu, Mar 14, 2024 at 3:08 AM Benjamin Beurdouche <ietf@beurdouche.com <mailto:ietf@beurdouche.com>> wrote:
>> Hi,
>> 
>> I have a preference for the other #249 which keeps the recommendation but I would be fine with either. 
>> 
>> My main reason is that, in the rest of the architecture document, the idea is to have the strongest 
>> security target possible as a recommandation and take explicit action to relax properties when needed.
>> 
>> In that spirit I don’t see an issue with encrypting group operations even in the case you need server assist,
>> the tradeoff being an additional ciphertext explicitly providing the information to the expected server 
>> and only that server…
>> 
>> Ben
>> 
>> 
>> > On 14 Mar 2024, at 04:56, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> wrote:
>> > 
>> > Hi! Last we met, we talked about how to resolve the issue related to one of the encrypted group operation’s recommendations [1]; also, thanks to Brendan for starting this thread [2].  This thread is intended to help Nick and I call consensus on which of the two PRs to direct the authors to land. If it is not clear from this thread, we will discuss at our session at IETF 119.  The two PRs follow:
>> > 
>> > 1. PR #246 [3] rewords the issue description and removes the recommendation; this change keeps us (the royal us) from looking silly when the first protocol to call out MLS does not follow the recommendation.
>> > 
>> > 2. PR #249 [4] keeps recommendation but state that applications may use unencrypted operations if they have an explicit reason to.
>> > 
>> > Cheers,
>> > spt
>> > 
>> > [1] https://github.com/mlswg/mls-architecture/issues/210
>> > [2] https://mailarchive.ietf.org/arch/msg/mls/1ohlP2TZr_LBuLyM7rfDKnM9Jo8/
>> > [3] https://github.com/mlswg/mls-architecture/pull/246
>> > [4] https://github.com/mlswg/mls-architecture/pull/249
>> > _______________________________________________
>> > MLS mailing list
>> > MLS@ietf.org <mailto:MLS@ietf.org>
>> > https://www.ietf.org/mailman/listinfo/mls
>> 
>> _______________________________________________
>> MLS mailing list
>> MLS@ietf.org <mailto:MLS@ietf.org>
>> https://www.ietf.org/mailman/listinfo/mls
> _______________________________________________
> MLS mailing list
> MLS@ietf.org
> https://www.ietf.org/mailman/listinfo/mls

v2.23.0 | Report a Bug | By Email