Status update for WG mls

On Monday we discussed several of the current drafts and made some progress in understanding the design options and moving the documents forward. The architecture document was presented by Emad Omara, which was mostly uncontroversial.

The protocol document took most of the time at this meeting. The big problem of group members having access to the keys of multiple group members (the double-join problem) was discussed at length. Most of the issues were around efficiency and making sure that any double-join protection mechanism continues to be logarithmic instead of devolving into linear time. New ideas were introduced around group initialization and giving a special exception to the group initializer --- which was a promising idea. Nadim Kobeissi presented remotely about authentication which illustrated how derived signature keys could improve the situation where authentication keys are compromised.
  
On Thursday we reviewed the message protection draft, recapping the work that was presented at the interim about message protection. This led to a vigorous debate about forward secrecy. We also discussed a potential interim in January in San Jose, CA in order to take advantage of the presence of Real World Crypto.
Back