The Messaging Layer Security (MLS) Architecture
draft-ietf-mls-architecture-07

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Active".
Expired & archived
Authors Benjamin Beurdouche , Eric Rescorla , Emad Omara , Srinivas Inguva , Albert Kwon , Alan Duric
Last updated 2022-04-07 (Latest revision 2021-10-04)
Replaces draft-omara-mls-architecture
RFC stream Internet Engineering Task Force (IETF)
Formats
txt html xml htmlized pdf bibtex bibxml
Reviews
ARTART Last Call review (of -13) by Valery Smyslov Ready w/issues
DNSDIR Telechat review (of -10) by David Lawrence Not ready
INTDIR Telechat review (of -10) by Tatuya Jinmei Ready w/nits
SECDIR Last Call review (of -10) by Yoav Nir Has nits
ARTART Last Call review (of -10) by Valery Smyslov Ready w/issues
SECDIR Early review (of -09) by Yoav Nir Has nits
ARTART Early review (of -09) by Valery Smyslov Not ready
GENART Early review (of -09) by Meral Shirazipour Almost ready
OPSDIR Early review (of -09) by Tim Wicinski Has nits
SECDIR Last Call Review due 2024-04-08 Incomplete
Additional resources Mailing list discussion
Stream WG state WG Document
Associated WG milestones
May 2018
Initial working group documents for architecture and key management
Sep 2022
Submit architecture document to IESG as Informational
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to Katriel Cohn-Gordon <me@katriel.co.uk>, Cas Cremers <cas.cremers@cs.ox.ac.uk>, Thyla van der Merwe< thyla.van.der@merwe.tech>, Jon Millican <jmillican@fb.com>, Raphael Robert <raphael@wire.com>
Email authors Email WG IPR References Referenced by Nits Search email archive

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

txt html xml htmlized pdf bibtex bibxml

Abstract

The Messaging Layer Security (MLS) protocol [MLSPROTO] document has the role of defining a Group Key Agreement, all the necessary cryptographic operations, and serialization/deserialization functions necessary to create a scalable and secure group messaging protocol. The MLS protocol is meant to protect against eavesdropping, tampering, message forgery, and provide good properties such as forward-secrecy (FS) and post-compromise security (PCS) in the case of past or future device compromises. This document, on the other hand is intended to describe a general secure group messaging infrastructure and its security goals. It provides guidance on building a group messaging system and discusses security and privacy tradeoffs offered by multiple security mechanism that are part of the MLS protocol (ie. frequency of public encryption key rotation). The document also extends the guidance to parts of the infrastructure that are not standardized by the MLS Protocol document and left to the application or the infrastructure architects to design. While the recommendations of this document are not mandatory to follow in order to interoperate at the protocol level, most will vastly influence the overall security guarantees that are achieved by the overall messaging system. This is especially true in case of active adversaries that are able to compromise clients, the delivery service or the authentication service.

Authors

Benjamin Beurdouche
Eric Rescorla
Emad Omara
Srinivas Inguva
Albert Kwon
Alan Duric

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)