Skip to content

Commit

Permalink
Add recommendation for deletion of init_keys
Browse files Browse the repository at this point in the history
  • Loading branch information
TWal committed Nov 5, 2024
1 parent b8893e0 commit a9666eb
Showing 1 changed file with 11 additions and 6 deletions.
17 changes: 11 additions & 6 deletions draft-ietf-mls-architecture.md
Original file line number Diff line number Diff line change
Expand Up @@ -669,12 +669,13 @@ multiple groups before needing to upload more fresh KeyPackages.

In order to avoid replay attacks and provide forward secrecy for messages sent
using the initial keying material, KeyPackages are intended to be used only
once. The Delivery Service is responsible for ensuring that each KeyPackage is
only used to add its client to a single group, with the possible exception of a
"last resort" KeyPackage that is specially designated by the client to be used
multiple times. Clients are responsible for providing new KeyPackages as
necessary in order to minimize the chance that the "last resort" KeyPackage will
be used.
once, and `init_key` is intended to be deleted by the client after decryption
of the Welcome message. The Delivery Service is responsible for ensuring that
each KeyPackage is only used to add its client to a single group, with the
possible exception of a "last resort" KeyPackage that is specially designated
by the client to be used multiple times. Clients are responsible for providing
new KeyPackages as necessary in order to minimize the chance that the "last
resort" KeyPackage will be used.

> **RECOMMENDATION:** Ensure that "last resort" KeyPackages don't get used by
> provisioning enough standard KeyPackages.
Expand All @@ -686,6 +687,10 @@ be used.
> **RECOMMENDATION:** Ensure that the client for which a last resort KeyPackage
> has been used is updating leaf keys as early as possible.

> **RECOMMENDATION:** Ensure that clients delete their private `init_key` key
> after processing a Welcome message, or after the rotation of "last resort"
> KeyPackage.

Overall, it needs to be noted that key packages need to be updated when
signature keys are changed.

Expand Down

0 comments on commit a9666eb

Please sign in to comment.