From a2edb05787cfc3dda3365a7ac2be91b2dffcf34f Mon Sep 17 00:00:00 2001 From: ID Bot Date: Mon, 21 Oct 2024 15:55:36 +0000 Subject: [PATCH] Script updating gh-pages from f880364. [ci skip] --- draft-ietf-mls-extensions.html | 89 +++++++++++++++++++++++++++++++++- draft-ietf-mls-extensions.txt | 68 +++++++++++++++++++++++++- index.html | 2 +- 3 files changed, 155 insertions(+), 4 deletions(-) diff --git a/draft-ietf-mls-extensions.html b/draft-ietf-mls-extensions.html index 0d37e92..f0533d3 100644 --- a/draft-ietf-mls-extensions.html +++ b/draft-ietf-mls-extensions.html @@ -1264,6 +1264,9 @@

The safe extension API allows extension designers to sign and encrypt payloads without the need to register their own IANA labels. Following the same pattern, this document also provides ways for extension designers to define their own -wire formats, proposals and credentials.

+wire formats, proposals, credentials, and for structured data in the +Additional Authenticated Data.

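Review bot: the rewritten sentence is no longer grammatically parallel: "define their own wire formats, proposals, credentials, and for structured data in the Additional Authenticated Data" joins three noun objects to a prepositional phrase. Suggest "define their own wire formats, proposals, credentials, and a framing for structured data in the Additional Authenticated Data", which also matches the word "framing" that the new Section 2.1.7.4 uses for SafeAAD.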
@@ -1769,6 +1776,43 @@
Section 5.3 of the MLS specification.

+
+
+
+2.1.7.4. Additional Authenticated Data (AAD) +
+

The PrivateContentAAD struct in MLS can contain arbitrary additional +application-specific AAD in its authenticated_data field. This framework +defines a framing used to allow multiple extensions to add AAD safely +without conflicts or ambiguity.

+

When any AAD safe extension is included in the authenticated_data field, +the "safe" AAD items MUST come before any non-safe data in the +authenticated_data field. Safe AAD items are framed using the SafeAAD +struct and are sorted in increasing numerical order of the ExtensionType +as described below:

+
+
+struct {
+  ExtensionType extension_type;
+  opaque aad_item_data<V>;
+} SafeAADItem;
+
+struct {
+  SafeAADItem aad_items<V>;
+} SafeAAD;
+
+
+

If the SafeAAD is present or not is determined by the presence of the +extension_aad GroupContext extension in the required_capabilities of the +group. If extension_aad is present in required_capabilities but no +"safe" AAD items are present, the aad_items is a zero-length vector.

+

Each extension which include a SafeAADItem needs to advertise its +ExtensionType in its LeafNode capabilities.extensions. Extensions MAY +require an ExtensionType to be included in required_capabilities, but +members which encounter a SafeAADItem they do not recognize can safely +ignore it.

+
+
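Review bot: this hunk states two different presence rules for SafeAAD and they conflict. The second paragraph makes the SafeAAD prefix conditional on "any AAD safe extension" being included, while the fourth paragraph makes it depend only on extension_aad being listed in required_capabilities (with an empty aad_items vector when there are no items). A receiver has no way to apply the first rule, since it cannot distinguish an absent SafeAAD from non-safe data that happens to begin with a small length prefix; keep only the second rule and state it once: when extension_aad is in required_capabilities, authenticated_data MUST begin with a SafeAAD (possibly with zero items), followed by any non-safe data. The sorting requirement also has no matching receiver check: say whether a receiver MUST reject a SafeAAD whose items are not strictly increasing by extension_type or that carries duplicate extension_type values, otherwise two members can disagree about which of two items for the same type applies. Two wording points: "If the SafeAAD is present or not is determined by" should read "Whether SafeAAD is present is determined by", and "Each extension which include a SafeAADItem needs to advertise" should read "Each extension that includes a SafeAADItem MUST advertise". Finally, "the extension_aad GroupContext extension in the required_capabilities" suggests extension_aad is itself a GroupContext extension; as used here it is an ExtensionType listed in required_capabilities.extension_types, so phrase it that way.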
@@ -2744,6 +2788,33 @@

+
+
+

+4.2.6. extension_aad MLS Extension +

+

The extension_aad MLS Extension Type is used to signal support for SafeAAD +in LeafNode capabilities, and in GroupContext required_capabilities. It contains no additional data.

+
    +
  • +

    Value: 0x000B

    +
  • +
  • +

    Name: extension_aad

    +
  • +
  • +

    Message(s): LN,GC: This extension may appear in LeafNode and GroupContext +objects.

    +
  • +
  • +

    Recommended: Y

    +
  • +
  • +

    Reference: RFC XXXX

    +
  • +
+
+
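Review bot: the "Message(s): LN,GC" entry does not match the description above it. The text says extension_aad signals support "in LeafNode capabilities, and in GroupContext required_capabilities", and both of those are lists of ExtensionType values, so the extension never appears as an Extension in LeafNode.extensions or GroupContext.extensions and "It contains no additional data" describes an extension_data that is never sent. Either say that this type is only listed in capabilities.extensions and required_capabilities.extension_types (and what a receiver does if it nonetheless shows up in an extensions list), or, if it is meant to be a real GroupContext extension, make Section 2.1.7.4 condition the presence of SafeAAD on that extension rather than on required_capabilities. Also worth a check that 0x000B is not already assigned to another extension type registered earlier in this document.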
@@ -2938,6 +3009,22 @@

+
+
+

+4.6. MLS Extension Types +

+

This document modifies the rules of the "MLS Extension Types" registry +to add a new Message type as follows:

+
    +
  • +

    AD: Authenticated Additional Data

    +
  • +
+

The AD Message type refers to an ExtensionType used inside the +SafeAADItem structure defined in Section 2.1.7.4.

+
+
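Review bot: the expansion "Authenticated Additional Data" disagrees with the section this entry points to, whose title is "Additional Authenticated Data (AAD)" and whose field is authenticated_data; pick one name, preferably "AD: Additional Authenticated Data". The entry also says nothing about what a registration with Message type AD must specify: an ExtensionType used inside SafeAADItem needs to define the contents of aad_item_data, and the registry text should say whether such a type is also listed in LeafNode capabilities.extensions, which Section 2.1.7.4 requires of every extension that includes a SafeAADItem. As written, "Message(s): AD" alone leaves it unclear whether an AD type may appear anywhere other than inside SafeAAD.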
diff --git a/draft-ietf-mls-extensions.txt b/draft-ietf-mls-extensions.txt index 26d39f2..ea8fe08 100644 --- a/draft-ietf-mls-extensions.txt +++ b/draft-ietf-mls-extensions.txt @@ -98,6 +98,7 @@ Table of Contents 4.2.3. accepted_media_types MLS Extension 4.2.4. required_media_types MLS Extension 4.2.5. last_resort_key_package MLS Extension + 4.2.6. extension_aad MLS Extension 4.3. MLS Proposal Types 4.3.1. Extension Proposal 4.3.2. Extension Path Proposal @@ -108,6 +109,7 @@ Table of Contents 4.4.1. Extension Credential 4.5. MLS Signature Labels 4.5.1. Labeled Extension Content + 4.6. MLS Extension Types 5. Security considerations 5.1. AppAck 5.2. Targeted Messages @@ -421,8 +423,9 @@ Table of Contents The safe extension API allows extension designers to sign and encrypt payloads without the need to register their own IANA labels. Following the same pattern, this document also provides ways for - extension designers to define their own wire formats, proposals and - credentials. + extension designers to define their own wire formats, proposals, + credentials, and for structured data in the Additional Authenticated + Data. 2.1.7.1. Wire Formats 
@@ -490,6 +493,40 @@ Table of Contents has to meet the requirements detailed in Section 5.3 of the MLS specification. +2.1.7.4. Additional Authenticated Data (AAD) + + The PrivateContentAAD struct in MLS can contain arbitrary additional + application-specific AAD in its authenticated_data field. This + framework defines a framing used to allow multiple extensions to add + AAD safely without conflicts or ambiguity. + + When any AAD safe extension is included in the authenticated_data + field, the "safe" AAD items MUST come before any non-safe data in the + authenticated_data field. Safe AAD items are framed using the + SafeAAD struct and are sorted in increasing numerical order of the + ExtensionType as described below: + + struct { + ExtensionType extension_type; + opaque aad_item_data; + } SafeAADItem; + + struct { + SafeAADItem aad_items; + } SafeAAD; + + If the SafeAAD is present or not is determined by the presence of the + extension_aad GroupContext extension in the required_capabilities of + the group. If extension_aad is present in required_capabilities but + no "safe" AAD items are present, the aad_items is a zero-length + vector. + + Each extension which include a SafeAADItem needs to advertise its + ExtensionType in its LeafNode capabilities.extensions. Extensions + MAY require an ExtensionType to be included in required_capabilities, + but members which encounter a SafeAADItem they do not recognize can + safely ignore it. + 2.1.8. Extension state: anchoring, storage and agreement The safe extension framework can help an MLS extension ensure that 
@@ -1291,6 +1328,23 @@ Table of Contents * Reference: RFC XXXX +4.2.6. extension_aad MLS Extension + + The extension_aad MLS Extension Type is used to signal support for + SafeAAD in LeafNode capabilities, and in GroupContext + required_capabilities. It contains no additional data. + + * Value: 0x000B + + * Name: extension_aad + + * Message(s): LN,GC: This extension may appear in LeafNode and + GroupContext objects. + + * Recommended: Y + + * Reference: RFC XXXX + 4.3. MLS Proposal Types 4.3.1. Extension Proposal @@ -1385,6 +1439,16 @@ Table of Contents * Reference: RFC XXXX +4.6. MLS Extension Types + + This document modifies the rules of the "MLS Extension Types" + registry to add a new Message type as follows: + + * AD: Authenticated Additional Data + + The AD Message type refers to an ExtensionType used inside the + SafeAADItem structure defined in Section 2.1.7.4. + 5. Security considerations 5.1. AppAck diff --git a/index.html b/index.html index fb64a7d..b4434cc 100644 --- a/index.html +++ b/index.html @@ -29,7 +29,7 @@
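Review bot: the struct definitions in the text rendering of Section 2.1.7.4 appear without the length-prefix markers ("opaque aad_item_data;" and "SafeAADItem aad_items;"), whereas the HTML rendering in this same commit shows "opaque aad_item_data<V>;" and "SafeAADItem aad_items<V>;". If that difference is in the generated draft-ietf-mls-extensions.txt rather than only in this diff view, the plain-text version describes fixed-size fields and a parser following it could not locate the boundary between SafeAAD and any trailing non-safe data; please check the generated .txt. The remaining hunks in this file mirror the HTML changes and inherit the same issues (the non-parallel "and for structured data" sentence, the two presence rules for SafeAAD, the "LN,GC" entry for a type that is only listed in capabilities, and "Authenticated Additional Data" versus "Additional Authenticated Data"), so they should be fixed in the source so that both outputs change together.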

Preview for branch fix-upload-ci

MLS plain text - same as main + diff with main