Bulletproof TLS Newsletter

RFC 9420: Messaging Layer Security

27 Jul 2023

Messaging Layer Security (MLS), a new standard that supports end-to-end encryption in messaging applications, has been released as RFC 9420. The name is an obvious riff on Transport Layer Security (TLS), but that’s not where the similarities end. MLS had been in development for about five years, which is similar to the time it took to produce TLS 1.3. Both standards were built on the protocols that came before them. Both standards engaged academia and a wider expert base to analyze the designs before they were considered complete. Is this what the new model for development of cryptographic protocols looks like?

To understand why we need MLS, we need to go back as far as 1991 and start with Pretty Good Privacy (PGP). Developed by Phil Zimmerman, PGP was the first attempt to provide end-to-end encryption for messaging—more specifically, for email. Although PGP provided some basic security, its usability was poor and cryptography weak by today’s standards. Crucially, its security relied on a master key. If that key became compromised, all communication, past and future, would be compromised as well.

Other standards followed. Off-the-Record (OTR) protocol focused on security of real-time (chat) messages, introducing forward secrecy and deniability. The Signal protocol further improved things by adding support for offline communication as well as post-compromise security. The Signal protocol in particular went on to achieve great success, being implemented not only by Signal, but also by WhatsApp, Facebook Messenger, Skype, and others.

Read More