From: thomas leavy
Date: Thu, 12 Aug 2021 13:32:13 -0400
To: MLS@ietf.org
Subject: [MLS] Extensibility question
Message-Id: <88897B19-69D6-4435-BAAB-073B31F169B4@gmail.com>

Hello,

I’ve been checking out the protocol and architecture docs and I’m a bit confused about how extensions should be developed. Section 12 talks about extensions in key packages being able “to describe client capabilities and aspects of their participation in the group”.

I was thinking about this using the example of a basic moderation extension where each leaf would have a flag inside an extension indicating their moderator status. However, I can’t figure out how one would implement updates to a member’s status using the current set of proposals? Are proposals meant to also be an extendable set where extensions can define their own, or is there a better existing solution already in the specification?

From: Raphael Robert
Date: Thu, 12 Aug 2021 22:50:22 +0200
To: thomas leavy
Cc: MLS@ietf.org
Subject: Re: [MLS] Extensibility question
Message-Id: <44BCFC18-E226-4CBA-8FB6-98B5DBC97150@raphaelrobert.com>
In-Reply-To: <88897B19-69D6-4435-BAAB-073B31F169B4@gmail.com>

Hi Thomas,

There’s been an ongoing discussion about it, that received an update just a few hours ago: https://github.com/mlswg/mls-protocol/issues/473#issuecomment-897818956

Raphael

> On 12. Aug 2021, at 19:32, thomas leavy wrote:
>
> Hello,
>
> I’ve been checking out the protocol and architecture docs and I’m a bit confused about how extensions should be developed. Section 12 talks about extensions in key packages being able “to describe client capabilities and aspects of their participation in the group”.
>
> I was thinking about this using the example of a basic moderation extension where each leaf would have a flag inside an extension indicating their moderator status. However, I can’t figure out how one would implement updates to a member’s status using the current set of proposals? Are proposals meant to also be an extendable set where extensions can define their own, or is there a better existing solution already in the specification?


From: Repository Activity Summary Bot
Date: Sun, 15 Aug 2021 00:51:00 -0700 (PDT)
To: mls@ietf.org
Subject: [MLS] Weekly github digest (MLS Working Group summary)
Message-Id: <20210815075100.532113A0B89@ietfa.amsl.com>

Issues
------
* mlswg/mls-protocol (+0/-2/💬7)
  5 issues received 7 new comments:
  - #473 Extensions (2 by bifurcation)
    https://github.com/mlswg/mls-protocol/issues/473
  - #459 Trim tree after removal (1 by bifurcation)
    https://github.com/mlswg/mls-protocol/issues/459
  - #457 Clarify ParentHash verification (2 by bifurcation, franziskuskiefer)
    https://github.com/mlswg/mls-protocol/issues/457
  - #443 External commit for resync used with PSK (1 by bifurcation)
    https://github.com/mlswg/mls-protocol/issues/443
  - #432 Remove the concept of leaf indices (1 by bifurcation)
    https://github.com/mlswg/mls-protocol/issues/432

  2 issues closed:
  - Clarify ParentHash verification https://github.com/mlswg/mls-protocol/issues/457
  - Trim tree after removal https://github.com/mlswg/mls-protocol/issues/459

Pull requests
-------------
* mlswg/mls-protocol (+1/-0/💬4)
  1 pull requests submitted:
  - Revisit the notion of identity in MLS groups (by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/476

  4 pull requests received 4 new comments:
  - #467 An entropy pool design for MLS (1 by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/467
  - #464 Clarify which extensions should go into the group context (1 by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/464
  - #454 more editorial changes (1 by uhoreg)
    https://github.com/mlswg/mls-protocol/pull/454
  - #453 Use the GroupContext to derive the joiner_secret (1 by kkohbrok)
    https://github.com/mlswg/mls-protocol/pull/453

Repositories tracked by this digest:
-----------------------------------
* https://github.com/mlswg/mls-architecture
* https://github.com/mlswg/mls-protocol
* https://github.com/mlswg/mls-federation


From: Konrad Kohbrok
Date: Mon, 16 Aug 2021 08:50:06 +0200 (CEST)
To: "mls@ietf.org"
Subject: [MLS] Identity in MLS
Message-ID: <193617298.86616.1629096606135@office.mailbox.org>

Hi everyone,

after a discussion with Richard and Raphael on the subject of identity in MLS, there is now a new PR on the subject of `identity` in MLS groups.

https://github.com/mlswg/mls-protocol/pull/476

The motivation behind the original PR was to prevent cases where group members can only be uniquely identified via the index of their leaf, as there was no rule that any part of a KeyPackage had to be unique.

The PR linked above changes a few things in that regard. It introduces a new `endpoint_id` field to the KeyPackage, which serves to distinguish KeyPackages in cases where the `identity` in the Credentials of two KeyPackages is the same. It also poses a few restrictions on Adds and Updates:

Generally, for both Adds and Updates, the committer has to ensure that
- signature keys are unique within a group (this is so that the sender of a message can be determined uniquely within a group),
- `(identity, endpoint_id)` tuples are unique in a group,
- `hpke_init_key`s are unique in a group.

Additionally, Updates have to ensure that the new and the old key package have the same identity (in the Credential), endpoint_id, version and cipher_suite as the key package they replace and that the new and the old key package do not share the same `hpke_init_key`.

The restrictions on Updates of course also hold for KeyPackages in `UpdatePath` fields.

The reason that we introduce an `endpoint_id` in the KeyPackage and require uniqueness in combination with the credential's `identity` rather than simply requiring that the `identity` in the credential is unique is due to possible restrictions in the way that an AS might issue/authenticate credentials in general and the X509 use case in particular. As Richard pointed out, a CA will only sign things it can confirm. So, for example, when using an email address as a user's identity, the CA will sign a certificate for that email address, but not for any other identifier (such as a device id) that it can't confirm.

Looking forward to hearing your thoughts and feedback on the PR!

Cheers,
Konrad
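
The Add and Update restrictions listed in Konrad Kohbrok's message about PR #476, written out as a committer-side check. This is an added example, not code from the PR, MLSpp or OpenMLS: the `KeyPackage` class is a constructed stand-in holding only the fields the message names, the error codes and sample values are made up, and leaving the replaced leaf out of the uniqueness comparison on Update is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class KeyPackage:
    """Constructed stand-in: only the fields named in the message."""
    version: int
    cipher_suite: int
    hpke_init_key: bytes
    identity: bytes        # identity carried in the Credential
    signature_key: bytes   # signature public key carried in the Credential
    endpoint_id: bytes     # distinguishes KeyPackages sharing one identity


def make_kp(identity, endpoint_id, signature_key, hpke_init_key,
            version=1, cipher_suite=1) -> KeyPackage:
    """Build a sample KeyPackage; version and cipher_suite are placeholders."""
    return KeyPackage(version, cipher_suite, hpke_init_key,
                      identity, signature_key, endpoint_id)


def uniqueness_errors(candidate: KeyPackage,
                      others: Iterable[KeyPackage]) -> Set[str]:
    """The three group-wide uniqueness rules shared by Adds and Updates."""
    errors = set()
    for kp in others:
        if kp.signature_key == candidate.signature_key:
            errors.add("signature_key_not_unique")
        if (kp.identity, kp.endpoint_id) == (candidate.identity,
                                             candidate.endpoint_id):
            errors.add("identity_endpoint_not_unique")
        if kp.hpke_init_key == candidate.hpke_init_key:
            errors.add("hpke_init_key_not_unique")
    return errors


def check_add(group: Dict[int, KeyPackage], new: KeyPackage) -> List[str]:
    """Return the rules an Add of `new` would break (empty list = valid)."""
    return sorted(uniqueness_errors(new, group.values()))


def check_update(group: Dict[int, KeyPackage], leaf: int,
                 new: KeyPackage) -> List[str]:
    """Return the rules broken by replacing the KeyPackage at `leaf`."""
    old = group[leaf]
    errors = set()
    # An Update must not change who or what the leaf is.
    for name in ("identity", "endpoint_id", "version", "cipher_suite"):
        if getattr(old, name) != getattr(new, name):
            errors.add(name + "_changed")
    # ...but it must bring a fresh HPKE init key.
    if old.hpke_init_key == new.hpke_init_key:
        errors.add("hpke_init_key_not_rotated")
    # Assumption: the leaf being replaced is not compared against itself,
    # otherwise the unchanged (identity, endpoint_id) would always collide.
    others = (kp for index, kp in group.items() if index != leaf)
    errors |= uniqueness_errors(new, others)
    return sorted(errors)


def sample_group() -> Dict[int, KeyPackage]:
    """Constructed group: two devices for one identity, plus a second user."""
    return {
        0: make_kp(b"alice@example.org", b"phone", b"sig-a1", b"hpke-a1"),
        1: make_kp(b"alice@example.org", b"laptop", b"sig-a2", b"hpke-a2"),
        2: make_kp(b"bob@example.org", b"phone", b"sig-b1", b"hpke-b1"),
    }


if __name__ == "__main__":
    group = sample_group()
    tablet = make_kp(b"alice@example.org", b"tablet", b"sig-a3", b"hpke-a3")
    print("add third device:", check_add(group, tablet))
    stale = group[0]
    print("update without new init key:", check_update(group, 0, stale))
```

The sample group shows the case `endpoint_id` exists for: leaves 0 and 1 share an `identity` that a CA can confirm, and only the endpoint identifier tells them apart.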

From: Richard Barnes
Date: Mon, 23 Aug 2021 10:52:28 -1000
To: Messaging Layer Security WG
Subject: [MLS] Interop update

Hi MLS folks,

We have Interop!

The MLSpp and OpenMLS teams have worked off and on over the summer on getting to interoperability, and a couple of weeks ago, we had our first successful protocol interactions!

* Each stack can verify test vectors [1] generated by the other stack
* We can establish 1:1 sessions between clients for all ciphersuites
* Some three-party mixed-stack cases are also working

So we’ve graduated from the basic, test-vector-based tests into actual protocol operations. Next step is to work our way through the various things the protocol can do (updates, removes, PSKs, external joins, etc.).

If other folks have been working on implementations, it would be great to do some broader testing. We have a gRPC-based test framework [2], so you just need to build a small shim layer around your implementation in order to be able to easily run interop tests. The test framework repo has example shim layers in C++, Go, and Rust.

Cheers,
—Richard

[1] https://github.com/mlswg/mls-implementations/blob/main/test-vectors.md
[2] https://github.com/mlswg/mls-implementations/blob/main/test-harness.md

From: Richard Barnes
Date: Mon, 23 Aug 2021 10:53:13 -1000
To: Messaging Layer Security WG
Subject: [MLS] Final (?) batch of spec updates

Hi MLS folks,

There’s been some good work going on on the spec lately, and I believe we have our final batch of technical PRs posted. (There are a few editorial issues outstanding that I would like to handle after we merge the technical stuff.)

#484 Clarify node vs. leaf indices
https://github.com/mlswg/mls-protocol/pull/484

#483 Remove OPEN ISSUEs and TODOs
https://github.com/mlswg/mls-protocol/pull/483

#481 Constrain proposal in External Commit
https://github.com/mlswg/mls-protocol/pull/481

#480 Improve extensibility of Proposals
https://github.com/mlswg/mls-protocol/pull/480

#479 Clarify extension handling and make extension updatable
https://github.com/mlswg/mls-protocol/pull/479

#478 Inject GroupContext as HPKE info instead of AAD
https://github.com/mlswg/mls-protocol/pull/478

#477 Signal the intended wire format for MLS messages
https://github.com/mlswg/mls-protocol/pull/477

#476 Revisit the notion of identity in MLS groups
https://github.com/mlswg/mls-protocol/pull/476

Your review would be appreciated! For the most part, these are pretty small and low-impact. I will direct your attention to #476 in particular, which touches on some slightly deeper questions of identity.

Cheers,
—Richard