Merge pull request #218 from ekr/issue209_external_joins

Clarify that groupinfos are also subject to access control. Fixes #209
mlswg · Jan 19, 2024 · 43680d2 · 43680d2
2 parents 8a2977a + 1c53600
commit 43680d2
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/draft-ietf-mls-architecture.md b/draft-ietf-mls-architecture.md
@@ -828,7 +828,10 @@ With both mechanisms, changes to the membership are initiated from inside the
 group.  When members perform changes directly, this is clearly the case.
 External joins are authorized indirectly, in the sense that a member publishing
 a GroupInfo object authorizes anyone to join who has access to the GroupInfo
-object. Both types of joins are done via a Commit message, which could be
+object, subject to whatever access control policies the application applies
+for external joins.
+
+Both types of joins are done via a Commit message, which could be
 blocked by the DS or rejected by clients if the join is not authorized.  The
 former approach requires that Commits be visible to the DS; the latter approach
 requires that clients all share a consistent policy. In the unfortunate event