Overview#Messaging Layer Security (MLS) is a Security Layer for End-to-end Encryption of messages in groups of size two to many.
- an architecture document (source) setting out the context, problem domain and security requirements,
- a protocol document (source) defining the protocol itself.
Messaging Layer Security Message Secrecy and Authentication#The trust establishment step of the MLS protocol is followed by a conversation protection step where encryption is used by clients to transmit authenticated messages to other clients through the Delivery Service. This ensures that the Delivery Service does not have access to the group's private content.
Message Secrecy in the context of MLS means that only intended recipients (current group members), can read any message sent to the group, even in the context of an active adversary as described in the threat model.
Message Integrity and Authentication mean that an honest client can only accept a message if it was sent by a group member and that a client cannot send a message which other clients would accept as being from a different client.
A corollary to this statement is that the AS and the DS cannot read the content of messages sent between members as they are not members of the group. MLS optionally provides additional protections regarding traffic analysis so as to reduce the ability of adversaries, to deduce the content of the messages depending on (for example) their size. One of these protections includes padding messages in order to produce ciphertexts of standard length. While this protection is highly recommended it is not mandatory as it can be costly in terms of performance for clients and the MS.
Message content can be deniable if the signature keys are exchanged over a deniable channel prior to signing messages.