Minutes interim-2020-mls-18: Tue 12:00
minutes-interim-2020-mls-18-202008111200-00
| Meeting Minutes | Messaging Layer Security (mls) WG | |
|---|---|---|
| Title | Minutes interim-2020-mls-18: Tue 12:00 | |
| State | Active | |
| Other versions | plain text | |
| Last updated | 2020-08-18 |
minutes-interim-2020-mls-18-202008111200-00
# Issues/PRs
* PSK injection:
- Richard: Do we want/need a proposal to inject a PSK? Currently the plan
is using a commit extension. I feel like we don't need a proposal. An
extension is enough. - Konrad: Proposals are handy because they
authenticate a potential external source of the restart/re-add action. -
Raphael: Since there is no one really advocating proposals based on a
concrete use case, we should avoid overcomplicating the protocol. Vendor
can do it in a proprietary way on the application level. - Brendan: We
could make commits more extensible by keeping all proposals in a single
array, which would give the committer a way to indicate ordering. -
Richard: The application would still have to check that the ordering is
sane. - Raphael: This might be worthwhile if it keeps commits extensible. -
Richard: More work is needed to negotiate the availability of proposals
throughout the group. - Brendan agrees to provide some pseudocode for his
idea.
* PR #388
- Richard: It turns out we need to refer to a raw hash function. Eric
brought this up. - Eric: #388 solves the issue I raised.
* PR #387
- Sean: IANA usually reserves the first enum version, but we don't have to
do it. It might be sensible to change it from "invalid" to "reserved" so we
have less trouble with reviews later.
* PR #369
- Brendan: What instructions would one put in an extension would we that
wouldn't work as a proposal? - Richard: Instructions that would not enter
into the transcript. - Konrad: With extensible commits, we would have two
ways of communicating instructions to the group. - Richard: That is true,
if we have extensible proposals. Do we need to have communication about
PSKs in the transcript? - Konrad: We do if we want the communication
authenticated in the transcript. - Sean: We can wait with this PR until we
agree on how to extend commits.
* PR #360
- Richard (refers to his comment on the PR): We should go with option b) to
save entropy. Option c) seems scary. - Brendan: b) doesn't change that
much. If we want more efficiency we should go for c). - Britta: I believe
that we can't just drop the auth tag and expect the same level of
authentication. - Raphael: The lack of ordering requirement makes losing FS
on authenticity more dangerous, although there is still a signature on the
inside. - Britta: It might be a good idea to rely on both signatures and
auth tags, because signature keys won't get rotated as much. - Sean: We
should push this back one or two weeks.