Minutes interim-2022-mls-03: Thu 10:00
minutes-interim-2022-mls-03-202202171000-00
Meeting Minutes | Messaging Layer Security (mls) WG | |
---|---|---|
Date and time | 2022-02-17 15:00 | |
Title | Minutes interim-2022-mls-03: Thu 10:00 | |
State | Active | |
Other versions | plain text | |
Last updated | 2022-03-01 |
minutes-interim-2022-mls-03-202202171000-00
# PRs #527 Stronger parent hashes for authenticated identities * @TWal and @bifurcation to get to a merge-able state, then make decision on mailing list #587 Stop generating redundant PKE key pairs. * Ready to merge * Refactor parent hash validation in a follow-up #592 Add a simple ProofCredential alternative to Certificate. * On the one hand, could implement this in a follow-on spec * On the other hand, could be nice to avoid the need for implementations to add stuff off the bat * TODO(@Bren2010): Flesh out use cases #593 Clean up the description of tree evolution. * To @rohan-wire's concern: This allows the base path secret to be derived, e.g., using a KDF, so this doesn't necessarily increase the amount of entropy needed * Clear to merge #594 TLS syntax updates * Some concern about being able to send gigantic stuff * In adversarial cases, the 4-byte headers used for a lot of stuff might already be a problem * Could also have length constraints decoupled from the syntax * SIP experience shows that imposing arbitrary length limits isn't a good idea * ... but applications should have a way to signal that things are too big * TODO(@bifurcation): Advisory text "Beware, things can get big; consider imposing limits and clear failure cases for this" * Consider streaming implementations, where you might not know that the whole message fits in memory * Modulo the above TODO, clear to merge #595 Allowlist approach for proposals in external commit * Merged #597 Require Commit.path by default * OK to keep using type * TODO(@bifurcation) "path safe" -> "path required" * Otherwise clear to merge # Issues #596 Invert definition of "partial" commit * Fixed by #597 #591 Reinit logic clarification * Maybe put "remove before upgrade" in implementation considerations document. * (after meeting) Tom good to close this one out #589 Replace labeled signing with signing wire format? * What's important is to have a "magic string" that distinguishes this protocol from other protocols * Need to distinguish between * Different structures within MLS * Different versions of MLS * MLS vs. everything else * E.g., "MLS 1.0 KeyPackageTBS" ~> protocol / version / type * In addition to already having it, having the protocol distinguisher in ASCII gives greater confidence * "Intra-protocol" identifiers can be small * "Inter-protocol" identifiers need to be larger to reduce collision probability * Consider introducing some standard prefix to "MLS" * If we're going to have both ASCII distinguisher and wire_format, spec needs to enforce equivalence * Could also omit wire_format from signature and rely on ASCII distinguisher alone * TODO(@TWal) Check that this is clear in the spec, see if wire format should be omitted #588 external_key_id seems to have a double usage * TODO(@bifurcation) Sender.external_key_id -> Sender.id or something like that #559 Remove redundant nodes from the tree * Fixed by #587