Session Date/Time: 22 Jul 2024 20:00
mls
Summary
The MLS Working Group meeting focused on addressing outstanding issues in the MLS architecture draft and discussing various extensions, including those related to instant messaging (Mimi) and post-quantum cryptography. A significant portion of the meeting was dedicated to a detailed examination of an attack involving invalid commits and external rejoins, and potential mitigations. The group also discussed several extensions, including AppSync, semi-private messages, and different credential types.
Key Discussion Points
- Invalid Commits and External Rejoins:
  - Brendan presented a PR addressing vulnerabilities related to invalid commits and the external rejoin mechanism.
  - The discussion revolved around a "forced rejoin attack" in which a malicious delivery service (DS) can manipulate group state by choosing invalid commits.
  - Concerns were raised about post-compromise security (PCS) being undermined by the ability to revert to compromised epochs.
  - Various mitigations were proposed, including epoch checking, transcript verification, and public key bookkeeping.
  - The debate centered on whether the PR should only flag the risks of automated rejoin behaviors, or also include potential solutions.
  - Richard suggested focusing the architectural discussion on the risks of automated re-syncs.
- Extensions Framework:
  - Rowan raised an issue regarding safe extensions and AAD, and a PR was submitted.
- AppSync Extension:
  - Rowan presented the AppSync extension, aimed at ensuring agreement on application state within the group.
  - There was discussion around the level of MLS's involvement in defining common representations of state.
  - Raphael noted potential overlap with other extensions related to group context and extension state updates.
- Semi-Private Message Extension:
  - Rowan introduced the semi-private message extension, allowing selective sharing of private message content with external receivers known to the group.
  - Raphael raised concerns about the lack of protection for the group ID.
  - Conrad and Britta supported including this feature in the toolbox.
- Other Extensions:
  - Richard presented the Different Credentials draft.
  - Richard presented the Replaced Proposal draft, allowing re-origination of updates. Concerns about potential rollbacks were raised.
  - Richard presented the Tree Free draft, which allows a client to operate with hard login guarantees instead of using the Ratchet Tree.
  - Richard presented the
- Post-Quantum MLS:
  - Britta provided an overview of a proposed approach for post-quantum MLS, involving two sessions (post-quantum and standard) and using exporter keys to inject post-quantum guarantees into the standard ratchet.
Decisions and Action Items
- PR 261 (Invalid Commits/External Rejoins):
  - It was decided to adopt a PR to address the issues of invalid commits and external rejoins.
  - A vote was held on including approaches within the PR: 4 yes, 8 no, and 5 no opinion.
  - Richard, Britta, Brendan, and Rowan agreed to further discuss the PR to determine appropriate text.
  - The goal is for the document to be completed during the current week.
- Different Credentials Extension:
  - It was decided that Richard should proceed with putting this directly into the current extension draft.
Next Steps
- Richard, Britta, Brendan, and Rowan to collaborate and edit the PR.
- Richard to create a PR to include the different credential drafts into the extension draft.
- The WG to review the edited PR and hopefully accept it.