Minutes IETF108: mls
minutes-108-mls-00

# MLS WG Meeting
2020-07-28, IETF108 - Virtual

# Note Well

# Issues/PRs

Richard Barnes provided an overview of the protocol-related
(draft-ietf-mls-protocol) changes since the last meeting: leverage HPKE and TLS
signatures, ratcheting optional for adds, and tree optional in GroupInfo
message. The remaining time was spent discussions open issues:

* Reflecting reality in the key schedule: when a PSK is used, the PSK does not
authenticate the new joiners know it and the GroupContext gets used in a bunch
of individual derivations. Proposal is to reorder so that the joiner has to use
the PSK to get the epoch secret and to add GroupContext into the epoch_secret
once.

* Simplifying sender data encryption: the goal is to prevent the delivery
service from seeing sender and generation. Proposal was to either swap order of
content and metadata encryption but via jabber SIV was proposed. The discussion
will be taken to the list.

* nKDF discussed on CFRG: Key scheduled was changed so it no longer clear that
nKDF is need, i.e., no longer need multiple keys incorporated at once.