The Messaging Layer Security (MLS) Protocol

The information below is for an old version of the document
Document Type Expired Internet-Draft (mls WG)
Authors Richard Barnes  , Benjamin Beurdouche  , Jon Millican  , Emad Omara  , Katriel Cohn-Gordon  , Raphael Robert 
Last updated 2020-09-07 (latest revision 2020-03-06)
Replaces draft-barnes-mls-protocol
Stream Internet Engineering Task Force (IETF)
Expired & archived
plain text xml pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to,,,,,,,

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy and post-compromise security for groups in size ranging from two to thousands.


Richard Barnes (
Benjamin Beurdouche (
Jon Millican (
Emad Omara (
Katriel Cohn-Gordon (
Raphael Robert (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)