Conveying the More Instant Messaging Interoperability Message ID in Messaging Layer Security Additional Authenticated Data

]> Conveying the More Instant Messaging Interoperability Message ID in Messaging Layer Security Additional Authenticated Data

rohan.mahy@gmail.com

More Instant Messaging Interoperability message ID AAD Additional Authenticated Data message ID component The More Instant Messaging Interoperability (MIMI) content format defines a MIMI Message ID, communicated only to members of the Messaging Layer Security (MLS) group in which the message was sent. This document defines a way to share a Message ID in the MLS Additional Authenticated Data (AAD) so it is visible to MIMI providers. About This Document The latest revision of this draft can be found at . Status information for this document may be found at . Discussion of this document takes place on the More Instant Messaging Interoperability mailing list (), which is archived at . Subscribe at . Source for this draft and an issue tracker can be found at .

Introduction Many messaging protocols and formats have a Message ID. The MIMI content format defines how to calculate a MIMI Message ID (See ) for an application/mimi-content application message. A MIMI Message ID is currently only shared end-to-end encrypted with members of the MLS group in which the message was sent. This document defines an optional mechanism to share a Message ID in the MLS AAD, so it is visible to intermediary providers. This greatly facilitates debugging and troubleshooting, but causes a modest reduction in privacy.

Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Mechanism This document defines a new Safe AAD message_id component as described in . When the content of an MLS application message is a MIMI content message (media type application/mimi-content), if the message_id component is present inside SafeAAD.aad_items, it MUST contain the MIMI content Message ID calculated as described in .

To the extent that other application formats or media types have a Message ID, the Message ID for an application message of that type or format MAY be conveyed in this extension, using a message ID appropriate to the media type of the content.

Security Considerations An attacker or provider with access to a fragment of message history, and the message logs of a MIMI provider in the path of a message could potentially learn more about the participants of a particular MIMI room or the room's corresponding MLS group if it can see message IDs.

IANA Considerations

message_id MLS Component Type This document registers a new MLS Component Type in the Specification Required range with the following template:

Value: TBD (suggested value 0x0040)
Name: message_id
Where: AD
Recommended: Y
Reference: RFC XXXX

Normative References More Instant Messaging Interoperability (MIMI) message content Rohan Mahy Consulting Services This document describes content semantics common in Instant Messaging (IM) systems and describes a profile suitable for instant messaging interoperability of messages end-to-end encrypted inside the MLS (Message Layer Security) Protocol. The Messaging Layer Security (MLS) Protocol Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands. Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. The Messaging Layer Security (MLS) Extensions Phoenix R&D The Messaging Layer Security (MLS) protocol is an asynchronous group authenticated key exchange protocol. MLS provides a number of capabilities to applications, as well as several extension points internal to the protocol. This document provides a consolidated application API, guidance for how the protocol's extension points should be used, and a few concrete examples of both core protocol extensions and uses of the application API.

Acknowledgments TODO acknowledge.