| Internet-Draft | MLS Federation | September 2023 |
| Omara & Robert | Expires 12 March 2024 | [Page] |
- Workgroup:
- Network Working Group
- Internet-Draft:
- draft-ietf-mls-federation-03
- Published:
- Intended Status:
- Informational
- Expires:
- Authors:
- E. OmaraGoogleR. RobertPhoenix R&D
The Messaging Layer Security (MLS) Federation
Abstract
This document describes how the Messaging Layer Security (MLS) protocol can beused in a federated environment.¶
Discussion Venues
This note is to be removed before publishing as an RFC.¶
Source for this draft and an issue tracker can be found athttps://github.com/mlswg/mls-federation.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is athttps://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 12 March 2024.¶
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1.Introduction
MLS Architecture draft[I-D.ietf-mls-architecture] describes the overall MLSsystem architecture, assuming the client and servers (Delivery Service andAuthentication Service) are operated by the same entity. This is however not astrict requirement, the MLS protocol does not have an inherent dependency on onesingle entity and can instead be used between multiple entities.¶
The focus of this document is on the different components of the MLSarchitecture when used in a federated environment.¶
2.Federated environments
Federated environments are environments where multiple entities are operatingindependent MLS services. In particular, the assumption is that DeliveryServices and Authentication Services are not necessarily operated by the sameentity.¶
Entities operating independent MLS services are commonly called domains. In mostcases these domains might correspond to the Domain Name System, but it is notstrictly required. Operating MLS services in a federated environment cantherefore be regarded as federation between different domains.¶
Federation is however not limited to the MLS services themselves. For example, afederated environment could also contain clients that are provided by differententities. Specifically, different vendors could provide different applicationsthat differ in scope and functionality but are interoperable.¶
2.1.Delivery Services
Depending on the kind of federated environment, the two following types offederated Delivery Services are possible:¶
2.1.1.Different client applications
The diagram below shows an MLS group where all clients are provided bypotentially different vendors but operate on the same Delivery Service:¶
+------------+ + Delivery + + Service (DS) + +-----+------+ / + \ Group********************************************************** / + \ ** / | \ ** +--------+ +----+---+ +--------+ ** + Client 0 + + Client 1 + + Client 3 + ** +--------+ +--------+ +--------+ ** ............................. ............ ** User 0 User 1 ** **********************************************************¶
2.1.2.Different Delivery Services
The diagram below shows a federated environment in which different or identicalclients applications operate on different Delivery Services:¶
+-----------------+ +-----------------+ + Deliver Service 1 + + Deliver Service 2 + + + + + +-----------------+ +--------+--------+ | | | | | | Group***************|*********|*******************|************ | | | ** | | | ** +--------+ +--------+ +--------+ ** + Client 0 + + Client 1 + + Client 3 + ** +--------+ +--------+ +--------+ ** ............................. ............ ** User 0 User 1 ** **********************************************************¶
2.2.Authentication Service
In a federated environment, authentication becomes more important. While thespecifics of an Authentication Service are out-of-scope for MLS in general, itis important that strong authentication is accessible to all clients of afederated environment. As an example, a shared transparency log like[keytransparency] could be used.¶
3.Further considerations
The following aspects of federated communication are important for successfulfederation but are not considered in scope of the MLS charter:¶
## Common format for the content of application messages¶
The MLS protocol does not impose any format on the content of applicationmessages. Instead, application messages are considered to be an opaque sequenceof bytes. Applications in a federated environment are expected to agree on acommon format. The negotiation can be done at the KeyPackage level, or throughthe MLS extension mechanism.¶
3.1.Network protocol between different domains
Cross-domain operations such as sending and receiving messages, fetchingKeyPackages, and querying the Authentication Services have to be part of acommon network protocol that is supported by all domains in a federatedenvironment.¶
4.Discovery service for clients/users on a specific domain
Searching for users and other discovery services are typically part of messagingsystems. In the context of MLS, this functionality might overlap with thefetching of KeyPackages and message routing.¶
5.Use cases
5.1.Different Delivery Servers
Different applications operated by different entities can use MLS to exchangeend-to-end encrypted messages. For example, in a messaging applications, clientsof messaging1.tld can encrypt and decrypt end-to-end encrypted messages frommessaging2.tld.¶
5.2.Different client applications
Different client applications operating on the same server can use MLS toexchange end-to-end encrypted handshake and application messages. For example,different browsers can implement the MLS protocol, and web developers write webapplications that use the MLS implementation in the browser to encrypt anddecrypt the messages. This will require a new standard Web API to allow theclient applications to set the address of the delivery service in the browser. Amore concrete example is using MLS in the browser to negotiate SRTP keys formulti-party conference calls.¶
6.Functional Requirements
6.1.Delivery service
While there is no strict requirement regarding the network topology, there arepractical advantages when clients only connect to their own Delivery Servicerather than to the whole federated environment. This routing strategy canpossibly make the design of a cross-domain network protocol easier in thecontext of access control.¶
In such a topology, the client's own Delivery Service relays messages to theDelivery Service in charge for a specific group.¶
When several Delivery Services are involved in relaying messages, it isimportant that all of them agree on which one is responsible for orderinghandshake messages of a specific group at any given time in order to enforce thetotal ordering of handshake messages required by the MLS protocol.¶
Depending on the functional requirements (such high availability andredundancy), the different Delivery Services can elect a dedicated DeliveryService to be responsible for ordering handshake messages for a certain periodof time. The election process can be repeated when the availability of DeliveryServices change.¶
The diagram below shows a federated environment where a client connects to itsown Delivery Service that in turn relays messages to other Delivery Services.¶
+-----------------+ +---------+ +--> + Deliver Service B + +---> + Client B1 + | + + +---------+ | +-----------------+ | +---+-------------+ +---------+ +---------+ + Deliver Service A + +-------------> + Client A2 ++ Client A1 + +---> + + +---------+ +---------+ +------+----------+ | | +-----------------+ +---------+ +--> + Deliver Service C + +---> + Client C1 + + + +---------+ +-----------------+¶
6.2.Authentication Service
The MLS specification only describes how the signatures on the contents of theleaf nodes of a given group can be verified and that clients have to support thesignature schemes of all other clients in each group.¶
The credential (and thus the binding between identity of the group member andits signature public key) in each (non-blank) leaf node has to be authenticatedby the AS. This becomes relevant in a federated setting, as the AS, and thus theauthentication process of each member in a given group might differ.¶
This problem can be solved in a variety of ways, for example, by having allapplications and/or service providers involved in a federation agree on a sharedprocess, or by having clients advertise their authentication process in asimilar way as their ciphersuite, with the requirement that all members of agroup must support each others authentication processes.¶
Depending on the design of the AS of a given client, other, federated clientsmight have to trust that client's service provider to authenticate itscredential. Confidence in authentication provided by service providers ingeneral can be strengthened by using a scheme such as[keytransparency], whichallows both local and federated clients to assert a shared view of theauthentication information provided by the service.¶
In a federated environment, the AS should provide the same degree oftransparency as in a non-federated environment, i.e. end-to-end authenticationshould be possible.¶
7.Security Considerations
7.1.Version & ciphersuite negotiation
In a federated environment, version & ciphersuite negotiation is more critical,to avoid forcing a downgrade attack by malicious third party Delivery Services.This is due to the fact that the thread model is extended to include the following:¶
- Different entities might have diverging security policies, e.g. they don'tenforce validation of KeyPackages the same way.¶
- Entities might be malicious and act as a threat actor, e.g. might generatefake clients controlled by them.¶
The negotiation of version numbers & ciphersuites can be done at the KeyPackage level.¶
8.IANA Considerations
This document makes no requests of IANA.¶
9.References
9.1.Normative References
- [I-D.ietf-mls-architecture]
- Beurdouche, B.,Rescorla, E.,Omara, E.,Inguva, S., andA. Duric,"The Messaging Layer Security (MLS) Architecture",Work in Progress,Internet-Draft, draft-ietf-mls-architecture-11,,<https://datatracker.ietf.org/doc/html/draft-ietf-mls-architecture-11>.
9.2.Informative References
- [keytransparency]
- "Key Transparency",n.d.,<https://github.com/google/keytransparency>.
draft-ietf-mls-federation-03
Expired Internet-Draft (mls WG)
| Document | Document type | Expired Internet-Draft (mls WG) Expired & archived | |
|---|---|---|---|
| Select version | |||
| Compare versions | |||
| Authors | Emad Omara,Raphael Robert Email authors | ||
| Replaces | draft-omara-mls-federation | ||
| RFC stream |   | ||
| Intended RFC status | (None) | ||
| Other formats | |||
| Additional resources | Mailing list discussion |