The Messaging Layer Security (MLS) Architecture
draft-ietf-mls-architecture-07
| Document | Type | Expired Internet-Draft (mls WG) | |
|---|---|---|---|
| Authors | Benjamin Beurdouche , Eric Rescorla , Emad Omara , Srinivas Inguva , Albert Kwon , Alan Duric | ||
| Last updated | 2022-04-07 (Latest revision 2021-10-04) | ||
| Replaces | draft-omara-mls-architecture | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
html
xml
htmlized
pdfized
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | Expired | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | Katriel Cohn-Gordon <me@katriel.co.uk>, Cas Cremers <cas.cremers@cs.ox.ac.uk>, Thyla van der Merwe< thyla.van.der@merwe.tech>, Jon Millican <jmillican@fb.com>, Raphael Robert <raphael@wire.com> |
https://www.ietf.org/archive/id/draft-ietf-mls-architecture-07.txt
Abstract
The Messaging Layer Security (MLS) protocol [MLSPROTO] document has the role of defining a Group Key Agreement, all the necessary cryptographic operations, and serialization/deserialization functions necessary to create a scalable and secure group messaging protocol. The MLS protocol is meant to protect against eavesdropping, tampering, message forgery, and provide good properties such as forward-secrecy (FS) and post-compromise security (PCS) in the case of past or future device compromises. This document, on the other hand is intended to describe a general secure group messaging infrastructure and its security goals. It provides guidance on building a group messaging system and discusses security and privacy tradeoffs offered by multiple security mechanism that are part of the MLS protocol (ie. frequency of public encryption key rotation). The document also extends the guidance to parts of the infrastructure that are not standardized by the MLS Protocol document and left to the application or the infrastructure architects to design. While the recommendations of this document are not mandatory to follow in order to interoperate at the protocol level, most will vastly influence the overall security guarantees that are achieved by the overall messaging system. This is especially true in case of active adversaries that are able to compromise clients, the delivery service or the authentication service.
Authors
Benjamin Beurdouche
Eric Rescorla
Emad Omara
Srinivas Inguva
Albert Kwon
Alan Duric
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)