MLS has already received proposed standard status


Messaging Layer Security (MLS) is a security layer for encrypting messages in groups ranging in size from two to many members.

In April of this year we reported here on the blog that the IETF (the body that develops Internet protocols and architecture) had approved publication of the MLS (Messaging Layer Security) standard, which effectively makes it a standard and which also seeks to promote the unification of end-to-end security.

Now, a few weeks later, the IETF has announced that the RFC for the MLS protocol has been completed and that the related specification, RFC 9420, has been published, whereupon the specification received the status of "Proposed Standard".


With this step, work will begin on advancing the RFC to Draft Standard status, which in practice means complete stabilization of the protocol, taking into account all the comments made.

The tasks addressed by the protocol are:

  • Privacy: messages can only be read by members of the group.
  • Integrity and authentication guarantees: each message is sent by an authenticated sender and cannot be tampered with or altered en route.
  • Authentication of group members: each member can verify the authenticity of other members of the group.
  • Asynchronous operation: encryption keys can be established without the need for both parties to be online.
  • Forward secrecy: compromise of one of the participants does not allow decryption of messages previously sent to the group.
  • Post-compromise protection: compromise of one of the participants does not allow decryption of messages that will be sent to the group in the future.
  • Scalability: where possible, resource consumption scales sublinearly with group size.

The MLS protocol is designed to provide end-to-end encryption in messaging apps. The introduction of MLS is expected to unify the mechanisms for end-to-end encryption of messages in groups of two or more participants and to simplify implementing support for it in applications.

During its development at the IETF, MLS underwent a formal security analysis and industry review. It currently supports multiple cipher suites and makes it easy to add quantum-resistant cipher suites in the future.

The open processes and "running code" that are hallmarks of the IETF mean that MLS has already proven itself to be efficient at Internet scale.

With the new "Proposed Standard" status, a large number of projects and companies, including AWS, Google, Meta, Mozilla, and the Matrix Foundation, among others, announced their work to implement MLS support in their products.

The main objective in creating a new protocol is to unify the means of end-to-end encryption and to introduce a single standardized and verified protocol that can be used in place of separate protocols developed by different vendors, which solve the same tasks but are not mutually compatible.

MLS makes it possible to use ready-made, already tested implementations of the protocol in different applications, as well as to organize their joint development and verification. It is proposed to implement application layer portability at the authentication, key derivation, and privacy levels (compatibility at the transport and semantic levels is outside the scope of the standard).

Implementations of MLS are being developed in C++, Go, TypeScript, and Rust. The development of MLS is based on experience with existing protocols used to secure message transmission, such as S/MIME, OpenPGP, Off the Record, and Double Ratchet.

Finally, it is worth mentioning that MLS support is already available on the Webex and RingCentral communication platforms and, as mentioned, there are plans to include it in Wickr and Matrix.

If you are interested in knowing more about it, you can check the details in the following link

