Messaging Layer Security

Messaging Layer Security (MLS) is a security layer for end-to-end encrypting messages. It is maintained by the MLS working group of the Internet Engineering Task Force, and is designed to provide an efficient and practical security mechanism for groups as large as 50,000 and for those who access chat systems from multiple devices.^[1][2][3]

Security properties of MLS include message confidentiality, message integrity and authentication, membership authentication, asynchronicity, forward secrecy, post-compromise security, and scalability.^[4]

The idea was born in 2016 and first discussed in an unofficial meeting during IETF 96 in Berlin with attendees from Wire, Mozilla and Cisco.^[5]

Initial ideas were based on pairwise encryption for secure 1:1 and group communication. In 2017, an academic paper introducing Asynchronous Ratcheting Trees was published by the University of Oxford and Facebook setting the focus on more efficient encryption schemes.^[6]

The first BoF took place in February 2018 at IETF 101 in London. The founding members are Mozilla, Facebook, Wire, Google, Twitter, University of Oxford, and INRIA.^[7]

As of March 29, 2023, the IETF has approved publication of Messaging Layer Security (MLS) as a new standard.^[8] It was officially published on July 19, 2023.^[9][10] At that time, Google announced it intended to add MLS to the end to end encryption used by Google Messages over RCS.^[11]

Matrix is one of the protocols declaring migration to MLS.^[12]

Research on adding post-quantum cryptography (PQC) to MLS is ongoing, but MLS does not currently support PQC.^[13][14][15]

• OpenMLS: language: Rust, license: MIT
• MLS++: language: C++, license: BSD-2
• mls-rs: language: Rust, license: MIT, Apache 2.0
• MLS-TS: language: TypeScript, license: Apache 2.0

• RFC 9420 The Messaging Layer Security (MLS) Protocol

This cryptography-related article is a stub. You can help Wikipedia by expanding it.

• v
• t
• e