Messaging Layer Security Explained

Messaging Layer Security (MLS) is a security layer for end-to-end encrypting messages in arbitrarily sized groups. It is maintained by the MLS working group of the Internet Engineering Task Force to provide an efficient and practical security mechanism.^{[1] [2] [3]}

Security properties

Security properties of MLS include message confidentiality, message integrity and authentication, membership authentication, asynchronicity, forward secrecy, post-compromise security, and scalability.^[4]

History

The idea was born in 2016 and first discussed in an unofficial meeting during IETF 96 in Berlin with attendees from Wire, Mozilla and Cisco.^[5]

Initial ideas were based on pairwise encryption for secure 1:1 and group communication. In 2017, an academic paper introducing Asynchronous Ratcheting Trees was published by the University of Oxford and Facebook setting the focus on more efficient encryption schemes.^[6]

The first BoF took place in February 2018 at IETF 101 in London. The founding members are Mozilla, Facebook, Wire, Google, Twitter, University of Oxford, and INRIA.^[7]

As of March 29, 2023, the IETF has approved publication of Messaging Layer Security (MLS) as a new standard.^[8] It was officially published on July 19, 2023.^{[9] [10]}

Matrix is one of the protocols declaring migration to MLS.^[11]

Implementations

• OpenMLS: language: Rust, license: MIT
• MLS++: language: C++, license: BSD-2
• mls-rs: language: Rust, license: MIT, Apache 2.0
• MLS-TS: language: TypeScript, license: Apache 2.0

External links

• RFC 9420 The Messaging Layer Security (MLS) Protocol

Notes and References

1. Web site: Inside MLS, the New Protocol for Secure Enterprise Messaging. Dark Reading. 27 June 2019 . en. 2019-11-15.
2. Web site: Elders of internet hash out standards to grant encrypted message security for world+dog. at 10:29. Richard Chirgwin 22 Aug 2018. www.theregister.co.uk. en. 2019-11-15.
3. Web site: Messaging Layer Security . GitHub.
4. Web site: Messaging Layer Security (mls) -. datatracker.ietf.org. 2019-03-05.
5. Web site: Das sind die sieben Entwickler-Trends 2019: Vom Java-Comeback über MLS bis KI/ML-zentrierte Technologien . IT Finanzmagazin . 2 January 2019 . 7 January 2019.
6. Cohn-Gordon. Katriel. Cremers. Cas. Garratt. Luke. Millican. Jon. Milner. Kevin. 2017. On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees. Cryptology ePrint Archive .
7. News: Chirgwin . Richard . Elders of internet hash out standards to grant encrypted message security for world+dog . 30 November 2018 . 22 August 2018.
8. Web site: Sullivan . Nick . Turner . Sean . 2023-03-29 . Messaging Layer Security: Secure and Usable End-to-End Encryption . 2023-07-28 . IETF.
9. Web site: 2023-07-19 . New MLS protocol provides groups better and more efficient security at Internet scale . 2023-07-28.
10. Web site: Beurdouche . Benjamin . Vasquez . Sarah . 2023-07-20 . Messaging Layer Security is now an internet standard . 2023-07-28 . Mozilla.
11. Web site: Are We MLS Yet? . 2024-09-23 . Are We MLS Yet? . en-US.