Negotiation mechanism for partial MLS #11

@rohanmahy

The draft currently contains this statement:

This document does not define who generates annotated messages from the base MLS messages, or how this entity learns which clients are partial or full clients.

This is easily solved. We define the following new structs, and an extension type called partial_mls. When partial_mls is present in the LeafNode.capabilities.extensions vector, it contains a PartialMlsCap struct, which indicates that the client supports the level of client support for Partial MLS. When partial_mls is present in the GroupContext.required_capabilities.extension_types vector, it contains a PartialMlsGroupConfig struct, which indicates explicit group configuration for Partial MLS.

  • no_partial_clients allows an explicit policy prohibition of Partial MLS even when all/most member clients support full_mls_annotations. Clients must have a PartialMlsCap value of reserved or full_mls_annotations.
  • ds_annotates indicates explicitly that the DS will annotate for any Partial MLS client. Unfortunately this means that full MLS clients that are oblivious to the extension would not be able to join. Clients can have any PartialMlsCap value.
  • full_clients_annotate indicates that all full clients MUST annotate. The PartialMlsCap value can be partial_only or full_mls_annotations.
  • either_annotates indicates that the DS will allow full clients to annotate, and will annotate to partial clients if a full client does not. Clients can have any PartialMlsCap value.

enum {
    reserved(0),             /* full MLS only */
    partial_only(1),         /* only supports partial MLS */
    full_mls_annotations(2), /* full MLS client that can send partial MLS annotations */
    (255)
} PartialMlsCapEnum;

struct {
    PartialMlsCapEnum member_capability;
} PartialMlsCap;

enum {
    no_partial_clients(0),    /* only use full MLS */
    ds_annotates(1),          /* The DS is responsible for annotating for partial clients */
    full_clients_annotate(2), /* full clients are responsible for annotation for partial clients */
    either_annotates(3),      /* full clients may annotate. if they do not, the DS will annotate */
    (255)
} PartialMlsGroupConfigEnum;

struct {
    PartialMlsGroupConfigEnum group_config;
} PartialMlsGroupConfig;

When partial_mls is not present in the GroupContext.required_capabilities.extension_types vector, a partial MLS client needs to be configured out-of-band to understand that the DS will send annotations before using the extensions.
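
A membership check that applies the per-configuration rules listed in the issue above, as an added example (not code from the draft or from the issue author). Assumptions: each struct is handed over as its single encoded byte, a member that does not advertise partial_mls is passed as None and is rejected because the extension is listed in required_capabilities, and the function and sample names are hypothetical.

```python
from __future__ import annotations
from enum import IntEnum

class PartialMlsCap(IntEnum):
    RESERVED = 0               # full MLS only
    PARTIAL_ONLY = 1           # only supports partial MLS
    FULL_MLS_ANNOTATIONS = 2   # full client that can send annotations

class PartialMlsGroupConfig(IntEnum):
    NO_PARTIAL_CLIENTS = 0
    DS_ANNOTATES = 1
    FULL_CLIENTS_ANNOTATE = 2
    EITHER_ANNOTATES = 3

C, G = PartialMlsCap, PartialMlsGroupConfig
# Capability values each group configuration permits, per the bullet list.
ALLOWED = {
    G.NO_PARTIAL_CLIENTS: {C.RESERVED, C.FULL_MLS_ANNOTATIONS},
    G.DS_ANNOTATES: set(C),
    G.FULL_CLIENTS_ANNOTATE: {C.PARTIAL_ONLY, C.FULL_MLS_ANNOTATIONS},
    G.EITHER_ANNOTATES: set(C),
}

def decode(enum_cls, data: bytes):
    """Decode a one-byte enum struct; reject wrong lengths and unassigned values."""
    if len(data) != 1:
        raise ValueError(f"{enum_cls.__name__}: expected 1 byte, got {len(data)}")
    try:
        return enum_cls(data[0])
    except ValueError:
        raise ValueError(f"unassigned {enum_cls.__name__} value {data[0]}") from None

def check_members(group_config: bytes, member_caps: dict[str, bytes | None]) -> dict[str, str]:
    """Return {member: reason} for every member the group configuration excludes."""
    config = decode(G, group_config)   # a malformed group config fails the whole check
    rejected = {}
    for member, raw in member_caps.items():
        if raw is None:                # oblivious client: extension is required
            rejected[member] = "partial_mls not advertised"
            continue
        try:
            cap = decode(C, raw)
        except ValueError as exc:
            rejected[member] = str(exc)
            continue
        if cap not in ALLOWED[config]:
            rejected[member] = f"{cap.name.lower()} not permitted under {config.name.lower()}"
    return rejected

# Constructed sample members: encoded PartialMlsCap byte, or None if not advertised.
SAMPLE = {"alice": b"\x02", "bob": b"\x01", "carol": b"\x00", "dave": None, "erin": b"\x07"}
```

Running `check_members` before accepting an Add or a change of group configuration shows which members would have to be removed or upgraded first.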
