Merge pull request #237 from mlswg/beurdouche_keypackage_reco
Minimal recommendation on handling last resort KeyPackages
beurdouche authored Jan 19, 2024
2 parents 43b4ef9 + cb60dc2 commit f8476a0
Showing 1 changed file with 21 additions and 9 deletions.
30 changes: 21 additions & 9 deletions draft-ietf-mls-architecture.md
Expand Up @@ -666,15 +666,27 @@ DS might provide one KeyPackage per supported ciphersuite, even if it has
multiple such KeyPackages to enable the corresponding client to be added to
multiple groups before needing to upload more fresh KeyPackages.

In order to avoid replay attacks and provide forward secrecy for
messages sent using the initial keying material, KeyPackages are
intended to be used only once. The Delivery Service is responsible for
ensuring that each KeyPackage is only used to add its client to a
single group, with the possible exception of a "last resort"
KeyPackage that is specially designated by the client to be used
multiple times. Clients are responsible for providing new
KeyPackages as necessary in order to minimize the chance that
the "last resort" KeyPackage will be used.
In order to avoid replay attacks and provide forward secrecy for messages sent
using the initial keying material, KeyPackages are intended to be used only
once. The Delivery Service is responsible for ensuring that each KeyPackage is
only used to add its client to a single group, with the possible exception of a
"last resort" KeyPackage that is specially designated by the client to be used
multiple times. Clients are responsible for providing new KeyPackages as
necessary in order to minimize the chance that the "last resort" KeyPackage will
be used.

> **RECOMMENDATION:** Ensure that "last resort" KeyPackages don't get used by
> provisionning enough standard KeyPackages.

> **RECOMMENDATION:** Rotate "last resort" KeyPackages as soon as possible
> after being used or if they have been stored for a prolonged period of time.
> Overall, avoid reusing last resort KeyPackages as much as possible.

> **RECOMMENDATION:** Ensure that the client for which a last resort KeyPackage
> has been used is updating leaf keys as early as possible.

Overall, it needs to be noted that key packages need to be updated when
signature keys are changed.

## Delivery of Messages {#delivery-guarantees}
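
Review bot: In the first added RECOMMENDATION, "provisionning" is misspelled and should be "provisioning". In the second, "a prolonged period of time" gives an implementer nothing to act on; either state what bounds the storage period or say explicitly that the threshold is left to the application. The third reads more cleanly as "updates its leaf keys as early as possible", and it could say in which groups the update is expected, presumably those the client was added to with the last resort KeyPackage. The closing sentence writes "key packages" where the rest of the section uses "KeyPackages", repeats "Overall" from the second recommendation, and does not say who performs the update; something like "Clients need to replace their KeyPackages when signature keys are changed" would be clearer. The first paragraph is only re-wrapped, so keeping that reflow in a separate commit would make the substantive additions easier to see.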
