The Messaging Layer Security (MLS) Protocol

Document Type Replaced Internet-Draft (mls WG)
Authors Richard Barnes  , Jon Millican  , Emad Omara  , Katriel Cohn-Gordon  , Raphael Robert 
Last updated 2018-08-07 (latest revision 2018-07-02)
Replaced by draft-ietf-mls-protocol
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-mls-protocol
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two participants need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy and post-compromise security for groups in size ranging from two to thousands.


Richard Barnes (
Jon Millican (
Emad Omara (
Katriel Cohn-Gordon (
Raphael Robert (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)