International Association
for Cryptologic Research

This presentation delves into the recent publication of the Messaging Layer Security (MLS) standard, its unique features, and its impact on the future of secure messaging. We will discuss the standardization process of MLS, highlighting what worked, areas for improvement, and how formal analysis has been pivotal in building this new standard for the first time in a way that significantly departs from TLS due to the complexity of the protocol. In the first section, we will explore the core properties of the final version of MLS, such as the continuous group key agreement at its core and diverse properties such as message consistency, features that distinguish it from the Signal protocol. The presentation will cover the tradeoffs chosen by the MLS as we decided to ensure membership agreement and transparency as well as message consistency and non-repudiation as a default unlike existing protocols. We will also explore consequences of those choices such as the increased ability of malicious insiders to perform denial of service attacks on the group in absence of specific extensions being designed for group state proofs of correctness. If time permits, we might mention how to add deniability to the protocol. The next section of the presentation will focus on the future of MLS, discussing Post-Quantum cryptography and our ability to retain PCS in this context. We will mention efficiency challenges, and metadata privacy models depending on service provider architectures which make significant differences in the concrete privacy properties of a deployment. This will be followed by an examination of implementations and deployments, such as in Cisco WebEx and Google's commitment to deploying MLS for Android Messages and RCS 2.0. This last use case is expected to represent over a billion Monthly Active Users in 2024. If time permits, we will discuss potential deployments on platforms like Android and the Web and the challenge it causes, especially with respect to tracking on the Web. A second part of the talk will be dedicated to interoperability challenges in the context of the Digital Market Act (DMA) and how the MIMI working group will tackle that challenge at the IETF. We will explore the influence of DMA on messengers, identify unresolved issues, and discuss the integration of MLS with MIMI, especially with respect to identifiers and privacy considerations. The presentation will conclude with a forward-looking statement about the continued evolution of MLS and its applications. This abstract captures the essence of our discussion: MLS is a substantial development in secure messaging, designed for large dynamic groups and expected to reach billions of monthly active users in the next few years through platforms like Android or the Web. MLS stands as a cornerstone for secure messaging, co-designed with academic input and integrated with technologies like SFrame for WebRTC or eventually later Media over QUIC (MOQ).