@techreport{kohbrok-mls-decentralized-mls-00,
    number =    {draft-kohbrok-mls-decentralized-mls-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-kohbrok-mls-decentralized-mls/00/},
    author =    {Konrad Kohbrok},
    title =     {{Decentralized Messaging Layer Security}},
    pagetotal = 7,
    year =      2025,
    month =     mar,
    day =       17,
    abstract =  {Messaging Layer Security provides strong end-to-end security guarantees for group messaging including Forward Secrecy (FS) and Post-Compromise Security (PCS). However, MLS requires a Delivery Service (DS) to facilitate agreement between group members on the order of Commit messages. In decentralized settings the only way to implement a functional DS is to require group members to retain key material so they can process commits out-of-order. Retaining key material this way is in violation of the MLS deletion schedule and significantly reduces the FS of the protocol. This draft specifies Decentralized MLS, based on the the Fork-Resilient Continuous Group Key Agreement protocol FREEK proposed by Alwen et al. {[}FRCGKA{]}. In essence, DMLS extends MLS such that key material can be retained to process Commits out-of-order with minimal losses to FS, thus allowing safer deployment in decentralized environments.},
}