After years of intense standards development, the Internet Engineering Task Force (IETF) officially published today Messaging Layer Security (MLS) as RFC 9420. MLS is the first global open standard for end-to-end encrypted communications and has been jointly developed by industry peers and academic institutions. Wire was an initiator of MLS in 2016 and has been a key contributor ever since.
“The advent of Messaging Layer Security marks a monumental leap forward in establishing secure communications, poised to redefine the entire communications industry permanently,” says Alan Duric, Co-Founder and Chief Scientist of Wire. “Previously, technologies like Voice-over-IP and WebRTC played a significant role in democratizing global communication. Now, with MLS, we are building upon this success to again impact billions of people and achieve secure communication at an unprecedented scale. Moreover, MLS serves as an essential technical foundation, enabling interoperability between encrypted messaging solutions on an Internet-wide level.”
Messaging Layer Security is inspired by the huge success of encrypting the communication between users and websites and other web services using Transport Layer Security (TLS), a crucial security component of today’s Internet. Messaging Layer Security adds end-to-end encryption to messaging applications by providing a standardized and open framework.
Benefits to technology providers and end-users
Messaging Layer Security brings many benefits to technology providers and end-users alike. MLS already enjoys wide support within the industry and will thus be a reliable basis upon which to build applications and services. As a global open standard under the IETF, no one individual or organization can decide solely to change the protocol. For end-users, MLS will bring performance benefits for communication within large groups, as well as accountability on membership in messenger groups and increased interoperability.
“While many of the changes MLS introduces to the communications landscape are ‘under the hood’, users will feel the increased speed and reliability of the protocol. Security, but at Internet scale”, says Rohan Mahy, Vice President Engineering, Architecture at Wire. “The new mechanism where we derive the group encryption keys from all participants of a group is not only much more performant than encryption using today’s encryption mechanisms. It also allows for much better accountability of a group’s membership – as participants who are removed from a conversation will not be able to decrypt any further messages that are being sent.”
More Interoperability
Messaging Layer Security is the logical protocol choice for the work that the IETF MIMI Working Group (More Instant Messaging Interoperability) is undertaking. Interoperability between end-to-end encrypted messenger services is not just wishful thinking; it is a compliance requirement. Under the European Commission’s Digital Markets Act article 7, large providers of Instant Messaging Services are required to make APIs available for interoperability from 2024 onwards. Wire is in close discussion with the European Commission and the relevant technical regulators to advance this process.
Wire was one of the initiators of Messaging Layer Security in 2016, and has been a key contributor ever since. Employees from companies such as Mozilla, Cisco, Google, Cloudflare, Amazon, and Meta; and research organizations such as INRIA, Oxford University, The US Naval Postgraduate School, and ETH Zurich have made major contributions to the protocol. We want to extend our gratitude towards this incredible community of peers and to the IETF for facilitating this process.
Wire: Delivers end-to-end encrypted messaging, voice, and video chat; on-prem or in the cloud; for security-conscious customers such as Orange, Exxon, the German Federal Government, and law enforcement agencies and military worldwide. All Wire’s code is open source for transparency.
IETF: The Internet Engineering Task Force (IETF) is the premier Internet standards body creating open protocols to ensure that the global Internet is built on the highest-quality technical standards. These standards, shaped by rough consensus and informed by running code, are developed by a large volunteer community of leading engineering and technical experts from around the world. IETF processes are open and transparent, and IETF standards are freely available to anyone.
MLS will handle the payload. The metadata will be handled by the individual messenger maintainers.
So in other words metadata handling isn't part of the protocol itself?
It does encrypt some of the metadata, but a full audit of the servers and clients would reveal how effective it is. I do share the same concerns you have though.
That's interesting that some of the metadata does get encrypted. I hope enough of it so that it makes it more difficult for an authoritarian government agency to draw conclusions from.