Barking Up the Ratchet Tree – MLS Is Neither Royal nor Nude
16 days ago
- #Cryptography
- #Science Communication
- #MLS
- Technical writing requires knowing your audience, but practical examples are often lacking.
- Science communication is challenging, especially when the audience is unknown or diverse.
- RFCs by the IETF are technical documents aimed at engineers, with a focus on security risks.
- MLS (Messaging Layer Security) is a protocol for group key agreement, not a complete encryption solution.
- MLS requires two services: Delivery Service for message transfer and Authentication Service for identity verification.
- Poberezkin's blog post criticizes MLS for requiring trust in the Authentication Service, calling it a 'Trust Me Bro' security model.
- MLS does not specify the Authentication Service in detail, leaving it to implementers, which can lead to misunderstandings.
- Key transparency is a proven technology used by WhatsApp and iMessage, and could be integrated with MLS in the future.
- The name 'Messaging Layer Security' is misleading as MLS is primarily a group key agreement protocol.
- Poberezkin's criticisms stem from a misunderstanding of MLS's scope and purpose, highlighting a science communication issue.