Internet DRAFT - draft-mahy-mls-content-neg
draft-mahy-mls-content-neg
MLS R. Mahy
Internet-Draft Wire
Intended status: Informational 31 March 2022
Expires: 2 October 2022
Content Negotiation for Message Layer Security (MLS)
draft-mahy-mls-content-neg-00
Abstract
This document describes a default mechanism for the negotiation of
content inside an MLS group. It defines two new extensions to the
MLS (Messaging Layer Security) Protocol to allow for negotiation of
media types exchanged among members of an MLS group, and a minimal
framing format.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 October 2022.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Mahy Expires 2 October 2022 [Page 1]
�
Internet-Draft MLS Content Negotiation March 2022
Table of Contents
1. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Extension Description . . . . . . . . . . . . . . . . . . . . 3
4. Framing of application_data . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
5.1. accepted_media_types MLS Extension Type . . . . . . . . . 5
5.2. required_media_types GroupContext extension . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
7. Normative References . . . . . . . . . . . . . . . . . . . . 6
8. Informative References . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7
1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2219].
The terms MLS client, MLS group, and KeyPackage have the same
meanings as in the MLS protocol [I-D.ietf-mls-protocol].
2. Introduction
MLS is a group key establishment protocol which has several
applications. As described in the MLS architecture document
[I-D.ietf-mls-architecture], applications need to define specific
behavior of the MLS Distribution Service, the MLS Authentication
Service, and the format and negotiation of application data. This
document describes a default content negotiation mechanism
recommended by the MLS architecture specification. (The MLS protocol
specification does not define or prescribe any format for the
encrypted application_data encoded by MLS.)
Mahy Expires 2 October 2022 [Page 2]
�
Internet-Draft MLS Content Negotiation March 2022
This document describes two extensions to MLS which allow MLS clients
to advertise their support for specific formats inside MLS
application_data. These are expressed using the extensive IANA Media
Types registry (formerly called MIME Types). The
accepted_media_types KeyPackage Extension lists the formats a client
supports inside application_data, while the required_media_types
GroupContext Extension specifies which media types are required for a
particular MLS group. These allow clients to confirm that all
members of a group can communicate. Finally, this document defines a
minimal framing format so MLS clients can signal which media type is
being sent when multiple formats are permitted in the same group. As
clients are upgraded to support new formats they can use these
extensions to detect when all members support a new or more efficient
encoding, or select the best format or formats to send.
Note that the usage of IANA media types in general does not imply the
usage of MIME Headers [RFC2045] for framing. Vendor-specific media
subtypes starting with vnd. can be registered with IANA without
standards action as described in [RFC6838]. Implementations which
wish to send multiple formats in a single application message, may be
interested in the multipart/alternative media type defined in
[RFC2046] or may use or define another type with similar semantics.
3. Extension Description
This document specifies two MLS extensions of type MediaTypeList:
accepted_media_types, and required_media_types. The syntax is
described using the TLS Presentation Language [RFC8446].
MediaType is an ASCII string encoded as a TLS vector type containing
a single IANA Media Type (including the top-level type and subtype)
and any of its parameters. The formal internal structure is defined
later in this section. MediaTypeList is an ordered list of MediaType
objects.
// Text representation of a single IANA-registered Media Type.
MediaType media_type<V>;
struct {
MediaType media_types<V>;
} MediaTypeList;
MediaTypeList accepted_media_types;
MediaTypeList required_media_types;
The internal format of the MediaType is described in the Augmented
Backus-Naur Form (ABNF) [RFC5234] grammar below. The type is the
IANA top-level media type (ex: application), subtype is the IANA
Mahy Expires 2 October 2022 [Page 3]
�
Internet-Draft MLS Content Negotiation March 2022
media subtype, and parameter follows the definition in [RFC2045]
Section 5.1. Whitespace inside an MLS MediaType is PROHIBITED. The
type, subtype, and parameter attribute names are all case-
insensitive.
MediaType := type "/" subtype *(";" parameter)
Example Media Types:
image/png
text/plain;charset="UTF-8"
application/json
application/vnd.example.msgbus+cbor
An MLS client which implements this specification SHOULD include the
accepted_media_types extension in its KeyPackages, listing all the
media types it can receive.
When creating a new MLS group for an application using this
specification, the group includes a required_media_type extension in
the GroupInfo Extensions. When used in a group, the client MUST
include the required_media_types extension in the list of extensions
in RequiredCapabilities.
MLS clients SHOULD NOT add an MLS client to an MLS group with
required_media_types unless the MLS client advertises it can support
all of the required Media Types. As an exception, a client could be
preconfigured to know that certain clients support the mandatory
types.
4. Framing of application_data
When an MLS group contains the required_media_types GroupContext
extension, the application_data sent in that group is interpreted as
ApplicationFraming as defined below:
struct {
MediaType media_type;
opaque<V> application_content;
} ApplicationFraming;
The media_type MAY be zero length, in which case, the Media type of
the application_content is the first MediaType specified in
required_media_types.
Mahy Expires 2 October 2022 [Page 4]
�
Internet-Draft MLS Content Negotiation March 2022
5. IANA Considerations
This document proposes registration of two MLS Extension Types.
5.1. accepted_media_types MLS Extension Type
The accepted_media_types MLS Extension Type is used inside KeyPackage
objects. It contains a mediaTypeList representing all the media
Types supported by the MLS client publishing the KeyPackage.
Template:
Value: 0x0005
Name: accepted_media_types
Message(s): This extension may appear in KeyPackage objects
Recommended: Y
Reference: RFC XXXX
Description: list of media types supported by the MLS client
advertising the KeyPackage
5.2. required_media_types GroupContext extension
The required_media_types MLS Extension Type is used inside
GroupContext objects. It contains a mediaTypeList representing the
media Types which are mandatory for all MLS members of the group to
support.
Template:
Value: 0x0006
Name: required_media_types
Message(s): This extension may appear in GroupContext objects
Recommended: Y
Reference: RFC XXXX
Description: list of media types which every member of the MLS group
is required to support.
6. Security Considerations
The Security Considerations of MLS apply.
Use of the extensions in this document could leak some private
information both in KeyPackages and inside an MLS group. They could
be used to infer a specific implementation, platform, or even
version. Clients should consider carefully the implications in their
environment of making a list of acceptable media types available.
Mahy Expires 2 October 2022 [Page 5]
�
Internet-Draft MLS Content Negotiation March 2022
A client which can take over group administration could prevent
members from joining or sending messages in an established group, by
requiring a list of required media types which the attacker knows is
unsupported. This attack is not especially helpful, as taking over
group administration can have more disruptive effects.
7. Normative References
[I-D.ietf-mls-architecture]
Beurdouche, B., Rescorla, E., Omara, E., Inguva, S., Kwon,
A., and A. Duric, "The Messaging Layer Security (MLS)
Architecture", Work in Progress, Internet-Draft, draft-
ietf-mls-architecture-07, 4 October 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-mls-
architecture-07>.
[I-D.ietf-mls-protocol]
Barnes, R., Beurdouche, B., Robert, R., Millican, J.,
Omara, E., and K. Cohn-Gordon, "The Messaging Layer
Security (MLS) Protocol", Work in Progress, Internet-
Draft, draft-ietf-mls-protocol-13, 7 March 2022,
<https://datatracker.ietf.org/doc/html/draft-ietf-mls-
protocol-13>.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
<https://www.rfc-editor.org/info/rfc2045>.
[RFC2219] Hamilton, M. and R. Wright, "Use of DNS Aliases for
Network Services", BCP 17, RFC 2219, DOI 10.17487/RFC2219,
October 1997, <https://www.rfc-editor.org/info/rfc2219>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
8. Informative References
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046,
DOI 10.17487/RFC2046, November 1996,
<https://www.rfc-editor.org/info/rfc2046>.
Mahy Expires 2 October 2022 [Page 6]
�
Internet-Draft MLS Content Negotiation March 2022
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", BCP 13,
RFC 6838, DOI 10.17487/RFC6838, January 2013,
<https://www.rfc-editor.org/info/rfc6838>.
Author's Address
Rohan Mahy
Wire
Email: rohan.mahy@wire.com
Mahy Expires 2 October 2022 [Page 7]
