Skip to content

Commit

Permalink
deploy: e341799
Browse files Browse the repository at this point in the history
  • Loading branch information
franziskuskiefer committed Oct 1, 2024
1 parent 0702774 commit fd4f687
Show file tree
Hide file tree
Showing 16 changed files with 22 additions and 22 deletions.
2 changes: 1 addition & 1 deletion index.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<!doctype html><html lang=en dir=auto><head><meta name=generator content="Hugo 0.135.0"><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>OpenMLS</title>
<meta name=description content><meta name=author content><link rel=canonical href=https://blog.openmls.tech/><link crossorigin=anonymous href=/assets/css/stylesheet.fc220c15db4aef0318bbf30adc45d33d4d7c88deff3238b23eb255afdc472ca6.css integrity="sha256-/CIMFdtK7wMYu/MK3EXTPU18iN7/MjiyPrJVr9xHLKY=" rel="preload stylesheet" as=style><link rel=icon href=https://blog.openmls.tech/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.openmls.tech/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.openmls.tech/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.openmls.tech/apple-touch-icon.png><link rel=mask-icon href=https://blog.openmls.tech/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://blog.openmls.tech/index.xml><link rel=alternate hreflang=en href=https://blog.openmls.tech/><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--code-block-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="OpenMLS"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://blog.openmls.tech/"><meta name=twitter:card content="summary"><meta name=twitter:title content="OpenMLS"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"Organization","name":"OpenMLS","url":"https://blog.openmls.tech/","description":"","thumbnailUrl":"https://blog.openmls.tech/favicon.ico","sameAs":[]}</script></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://blog.openmls.tech/ accesskey=h title="OpenMLS (Alt + H)">OpenMLS</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://blog.openmls.tech/ title=Home><span class=active>Home</span></a></li><li><a href=https://github.com/openmls/openmls title=Github><span>Github</span>&nbsp;<svg fill="none" shape-rendering="geometricPrecision" stroke="currentcolor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" viewBox="0 0 24 24" height="12" width="12"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><path d="M15 3h6v6"/><path d="M10 14 21 3"/></svg></a></li></ul></nav></header><main class=main><article class=first-entry><header class=entry-header><h2 class=entry-hint-parent>Taking Stock of Validation Checks</h2></header><div class=entry-content><p>When implementing cryptographic protocols, probably the most important thing is to not forget validating all inputs. Failing to do so can lead to inadvertant leakage of private information, state corruption, impersonation attacks… all kinds of vulnerabilities.
To give an example, you might remember the “goto fail” vulnerability, a bug in the TLS implementation used in iOS. Here, the verification function of signatures sent along with the ServerKeyExchange message, which ties the server identity to the transcript and ephemeral key material. Due to a hard-to-spot slipup, it returned success early and never really checked the signature, which would allow an attacker to man-in-the-middle the connection. While in this case they didn’t just forget to do the check, it does demonstrate why these checks are important.
...</p></div><footer class=entry-footer><span title='2024-09-30 00:00:00 +0000 UTC'>September 30, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to Taking Stock of Validation Checks" href=https://blog.openmls.tech/posts/2024-09-30-taking-stock-of-validation-checks/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>OpenMLS 0.6 released</h2></header><div class=entry-content><p>Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.
...</p></div><footer class=entry-footer><span title='2024-09-30 00:00:00 +0000 UTC'>September 30, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to Taking Stock of Validation Checks" href=https://blog.openmls.tech/posts/2024-09-30-validation/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>OpenMLS 0.6 released</h2></header><div class=entry-content><p>Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.
New Storage Provider To make it easier to persist group state, the KeyStoreProvider was replaced with the more powerful StorageProvider trait for tracking the state of a group or a party. This includes keys, but also other group state like the ratchet tree and the group context. OpenMLS writes to the storage at the end of any successful operation. This means that if the provider is backed by some persistent memory, the entire long-lived state of OpenMLS is automatically persisted.
...</p></div><footer class=entry-footer><span title='2024-09-04 00:00:00 +0000 UTC'>September 4, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to OpenMLS 0.6 released" href=https://blog.openmls.tech/posts/2024-09-04-v0_6-release/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>Post-Quantum OpenMLS</h2></header><div class=entry-content><p>OpenMLS now offers security against harvest-now-decrypt-later (HNDL) quantum adversaries.
In #1546 we merged support for the X-Wing KEM draft, which is an early draft for securely combining elliptic-curve-based Diffie-Hellman with ML-KEM. In particular, OpenMLS now supports the ciphersuite MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519 with ciphersuite 0x004D. There is no IANA code-point for this ciphersuite yet, such that interoperability may not be guaranteed. We work with other implementers towards interoperability of this ciphersuite.
Expand Down
2 changes: 1 addition & 1 deletion index.xml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>OpenMLS</title><link>https://blog.openmls.tech/</link><description>Recent content on OpenMLS</description><generator>Hugo -- 0.135.0</generator><language>en-us</language><lastBuildDate>Mon, 30 Sep 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.openmls.tech/index.xml" rel="self" type="application/rss+xml"/><item><title>Taking Stock of Validation Checks</title><link>https://blog.openmls.tech/posts/2024-09-30-taking-stock-of-validation-checks/</link><pubDate>Mon, 30 Sep 2024 00:00:00 +0000</pubDate><guid>https://blog.openmls.tech/posts/2024-09-30-taking-stock-of-validation-checks/</guid><description>&lt;p>When implementing cryptographic protocols, probably the most important thing is to not forget validating all inputs. Failing to do so can lead to inadvertant leakage of private information, state corruption, impersonation attacks&amp;hellip; all kinds of vulnerabilities.&lt;/p>
<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>OpenMLS</title><link>https://blog.openmls.tech/</link><description>Recent content on OpenMLS</description><generator>Hugo -- 0.135.0</generator><language>en-us</language><lastBuildDate>Mon, 30 Sep 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.openmls.tech/index.xml" rel="self" type="application/rss+xml"/><item><title>Taking Stock of Validation Checks</title><link>https://blog.openmls.tech/posts/2024-09-30-validation/</link><pubDate>Mon, 30 Sep 2024 00:00:00 +0000</pubDate><guid>https://blog.openmls.tech/posts/2024-09-30-validation/</guid><description>&lt;p>When implementing cryptographic protocols, probably the most important thing is to not forget validating all inputs. Failing to do so can lead to inadvertant leakage of private information, state corruption, impersonation attacks&amp;hellip; all kinds of vulnerabilities.&lt;/p>
&lt;p>To give an example, you might remember &lt;a href="https://www.imperialviolet.org/2014/02/22/applebug.html">the &amp;ldquo;goto fail&amp;rdquo; vulnerability&lt;/a>, a bug in the TLS implementation used in iOS. Here, the verification function of signatures sent along with the &lt;code>ServerKeyExchange&lt;/code> message, which ties the server identity to the transcript and ephemeral key material. Due to a hard-to-spot slipup, it returned success early and never really checked the signature, which would allow an attacker to man-in-the-middle the connection. While in this case they didn&amp;rsquo;t just &lt;em>forget&lt;/em> to do the check, it does demonstrate why these checks are important.&lt;/p></description></item><item><title>OpenMLS 0.6 released</title><link>https://blog.openmls.tech/posts/2024-09-04-v0_6-release/</link><pubDate>Wed, 04 Sep 2024 00:00:00 +0000</pubDate><guid>https://blog.openmls.tech/posts/2024-09-04-v0_6-release/</guid><description>&lt;p>Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.&lt;/p>
&lt;h1 id="new-storage-provider">New Storage Provider&lt;/h1>
&lt;p>To make it easier to persist group state, the &lt;code>KeyStoreProvider&lt;/code> was replaced with the more powerful &lt;code>StorageProvider&lt;/code> trait for tracking the state of a group or a party. This includes keys, but also other group state like the ratchet tree and the group context. OpenMLS writes to the storage at the end of any successful operation. This means that if the provider is backed by some persistent memory, the entire long-lived state of OpenMLS is automatically persisted.&lt;/p></description></item><item><title>Post-Quantum OpenMLS</title><link>https://blog.openmls.tech/posts/2024-04-11-pq-openmls/</link><pubDate>Thu, 11 Apr 2024 00:00:00 +0000</pubDate><guid>https://blog.openmls.tech/posts/2024-04-11-pq-openmls/</guid><description>Get started with post-quantum secure end-to-end encrypted with OpenMLS.</description></item><item><title>OpenMLS 0.5 released</title><link>https://blog.openmls.tech/posts/2023-07-20-v0_5-release/</link><pubDate>Thu, 20 Jul 2023 00:00:00 +0000</pubDate><guid>https://blog.openmls.tech/posts/2023-07-20-v0_5-release/</guid><description>&lt;p>Today, we are releasing OpenMLS v0.5. This release has been a while in the making and covers substantial changes since the last release. We are grateful for &lt;a href="https://openmls.tech/blog/2022-10-19-update/">the support of the Sovereign Tech Fund&lt;/a> towards this goal. These are some of the changes:&lt;/p>
Expand Down
9 changes: 0 additions & 9 deletions posts/2024-09-30-taking-stock-of-validation-checks/index.html

This file was deleted.

9 changes: 9 additions & 0 deletions posts/2024-09-30-validation/index.html

Large diffs are not rendered by default.

Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion posts/index.html
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Posts | OpenMLS</title>
<meta name=keywords content><meta name=description content="Posts - OpenMLS"><meta name=author content><link rel=canonical href=https://blog.openmls.tech/posts/><link crossorigin=anonymous href=/assets/css/stylesheet.fc220c15db4aef0318bbf30adc45d33d4d7c88deff3238b23eb255afdc472ca6.css integrity="sha256-/CIMFdtK7wMYu/MK3EXTPU18iN7/MjiyPrJVr9xHLKY=" rel="preload stylesheet" as=style><link rel=icon href=https://blog.openmls.tech/favicon.ico><link rel=icon type=image/png sizes=16x16 href=https://blog.openmls.tech/favicon-16x16.png><link rel=icon type=image/png sizes=32x32 href=https://blog.openmls.tech/favicon-32x32.png><link rel=apple-touch-icon href=https://blog.openmls.tech/apple-touch-icon.png><link rel=mask-icon href=https://blog.openmls.tech/safari-pinned-tab.svg><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><link rel=alternate type=application/rss+xml href=https://blog.openmls.tech/posts/index.xml><link rel=alternate hreflang=en href=https://blog.openmls.tech/posts/><noscript><style>#theme-toggle,.top-link{display:none}</style><style>@media(prefers-color-scheme:dark){:root{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--code-block-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--theme)}.list:not(.dark)::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-thumb{border-color:var(--theme)}}</style></noscript><meta property="og:title" content="Posts"><meta property="og:description" content><meta property="og:type" content="website"><meta property="og:url" content="https://blog.openmls.tech/posts/"><meta name=twitter:card content="summary"><meta name=twitter:title content="Posts"><meta name=twitter:description content><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://blog.openmls.tech/posts/"}]}</script></head><body class=list id=top><script>localStorage.getItem("pref-theme")==="dark"?document.body.classList.add("dark"):localStorage.getItem("pref-theme")==="light"?document.body.classList.remove("dark"):window.matchMedia("(prefers-color-scheme: dark)").matches&&document.body.classList.add("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://blog.openmls.tech/ accesskey=h title="OpenMLS (Alt + H)">OpenMLS</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://blog.openmls.tech/ title=Home><span>Home</span></a></li><li><a href=https://github.com/openmls/openmls title=Github><span>Github</span>&nbsp;<svg fill="none" shape-rendering="geometricPrecision" stroke="currentcolor" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" viewBox="0 0 24 24" height="12" width="12"><path d="M18 13v6a2 2 0 01-2 2H5a2 2 0 01-2-2V8a2 2 0 012-2h6"/><path d="M15 3h6v6"/><path d="M10 14 21 3"/></svg></a></li></ul></nav></header><main class=main><header class=page-header><h1>Posts</h1></header><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>Taking Stock of Validation Checks</h2></header><div class=entry-content><p>When implementing cryptographic protocols, probably the most important thing is to not forget validating all inputs. Failing to do so can lead to inadvertant leakage of private information, state corruption, impersonation attacks… all kinds of vulnerabilities.
To give an example, you might remember the “goto fail” vulnerability, a bug in the TLS implementation used in iOS. Here, the verification function of signatures sent along with the ServerKeyExchange message, which ties the server identity to the transcript and ephemeral key material. Due to a hard-to-spot slipup, it returned success early and never really checked the signature, which would allow an attacker to man-in-the-middle the connection. While in this case they didn’t just forget to do the check, it does demonstrate why these checks are important.
...</p></div><footer class=entry-footer><span title='2024-09-30 00:00:00 +0000 UTC'>September 30, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to Taking Stock of Validation Checks" href=https://blog.openmls.tech/posts/2024-09-30-taking-stock-of-validation-checks/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>OpenMLS 0.6 released</h2></header><div class=entry-content><p>Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.
...</p></div><footer class=entry-footer><span title='2024-09-30 00:00:00 +0000 UTC'>September 30, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to Taking Stock of Validation Checks" href=https://blog.openmls.tech/posts/2024-09-30-validation/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>OpenMLS 0.6 released</h2></header><div class=entry-content><p>Today, we are releasing version 0.6 of OpenMLS. In this post we’ll go over the most significant changes since our last release.
New Storage Provider To make it easier to persist group state, the KeyStoreProvider was replaced with the more powerful StorageProvider trait for tracking the state of a group or a party. This includes keys, but also other group state like the ratchet tree and the group context. OpenMLS writes to the storage at the end of any successful operation. This means that if the provider is backed by some persistent memory, the entire long-lived state of OpenMLS is automatically persisted.
...</p></div><footer class=entry-footer><span title='2024-09-04 00:00:00 +0000 UTC'>September 4, 2024</span>&nbsp;·&nbsp;Jan Winkelmann</footer><a class=entry-link aria-label="post link to OpenMLS 0.6 released" href=https://blog.openmls.tech/posts/2024-09-04-v0_6-release/></a></article><article class=post-entry><header class=entry-header><h2 class=entry-hint-parent>Post-Quantum OpenMLS</h2></header><div class=entry-content><p>OpenMLS now offers security against harvest-now-decrypt-later (HNDL) quantum adversaries.
In #1546 we merged support for the X-Wing KEM draft, which is an early draft for securely combining elliptic-curve-based Diffie-Hellman with ML-KEM. In particular, OpenMLS now supports the ciphersuite MLS_256_XWING_CHACHA20POLY1305_SHA256_Ed25519 with ciphersuite 0x004D. There is no IANA code-point for this ciphersuite yet, such that interoperability may not be guaranteed. We work with other implementers towards interoperability of this ciphersuite.
Expand Down
Loading

0 comments on commit fd4f687

Please sign in to comment.