Skip to main content

Messaging Layer Security (MLS) is now RFC 9420! MLS is a standard for end-to-end encryption in messaging systems. Many messaging systems, including, are working on supporting MLS. A huge thank you to @Richard Barnes and @Raphael Robert, and to many others, for their work on MLS.
I'm happy to be working on MLS support for You can see our progress at I've been working on it for several years now (the hardest part has been figuring out how to adapt it to work in a decentralised environment), but we're getting closer to something that's usable in clients. We have a proof-of-concept implementation (don't use it for anything serious, because it may self-destruct without warning), and some demo videos. And we'll be working on advancing our extensions for decentralisation into a standard, somehow.
One common question that comes up with MLS is whether different messaging systems that use MLS will be able to interoperate. For example, with Matrix, Wire, and Wickr using MLS, could users of one system communicate with users of the other? The short answer is "no", since even if the encryption system is the same, the payload is different. However, there is another working group at the IETF, mimi, that is working on that issue, so we may get interoperable end-to-end encrypted messaging in the not-too-distant future. Naturally we at are in on that effort (though not me personally, other than in a peripheral role).
I've given some talks about MLS in the past, including which is a hand-wavey high-level overview of how MLS works, and about MLS in Matrix.
Also, this seems like a good time to highlight the fact that end-to-end encryption is essential for secure communications, and attempts by governments to limit or backdoor encrypted messengers are misguided. There was a time when governments fought against SSL (now TLS), but now it is everywhere and widely accepted. Governments are now fighting against end-to-end encryption, but hopefully that will see the same fate as their fight against SSL.

td reshared this.

How does this relate to XMPP? Is it inspired on the key exchange approach used so far? Or is it something that XMPP might adopt in future?

@Hugo XMPP's OMEMO is based on the Double Ratchet system introduced by Signal, and used in most modern end-to-end encrypted messaging systems (before MLS). You could say that MLS is inspired by the Double Ratchet -- it came about from a desire to make something that scaled better than Double Ratchet for larger groups, and it uses some ratchet constructions. But MLS uses a tree structure that makes it more efficient, and also introduces some new features such as authenticated group membership.

XMPP might adopt MLS in the future, but I haven't heard of anyone trying to do so. But if anyone is working MLS in XMPP, I'd be interested to know.