Skip to main content
  • Suggested IETF 119 Sessions for Getting Familiar with New Topics

    These IETF 119 meeting sessions included discussions and proposals that are accessible to a broad range of Internet technologists whether they are new to the IETF or long-time participants.

      26 Feb 2024
    • Google and consortium of local organizations to host first Australian IETF meeting in over 20 years

      Google, auDA, and Internet Association Australia (IAA) provide key support for Brisbane meeting to be held 16-22 March 2024

        23 Feb 2024
      • JSONPath: from blog post to RFC in 17 years

        Today the JSONPath RFC (RFC 9535) proposed standard was published, precisely 17 years after Stefan Gössner wrote his influential blog post JSONPath – XPath for JSON that resulted in some 50 implementations in various languages.

        • Glyn NormingtonRFC 9535 Editor
        21 Feb 2024
      • Stepping towards a Sustainable Internet

        The IAB’s new Environmental Impacts of Internet Technology (E-Impact) program will hold its first virtual interim meeting over two slots on 15 and 16 February 2024. These interim meetings are open to participation, and we invite all interested community members to join, participate, and contribute.

        • Jari ArkkoE-Impact Program Lead
        • Suresh KrishnanE-Impact Program Lead
        7 Feb 2024
      • What’s the deal with Media Over QUIC?

        In 2022, the IETF formed a working group for Media Over QUIC (MoQ)—a media delivery solution that has the potential to transform how we send and receive media during live streaming, real-time collaboration, gaming, and more.

        • Brett BralleyThought Leadership Content Writer, Cisco
        25 Jan 2024

      Filter by topic and date

      Filter by topic and date

      Messaging Layer Security: Secure and Usable End-to-End Encryption

      • Nick SullivanMLS Working Group Chair
      • Sean TurnerMLS Working Group Chair

      29 Mar 2023

      The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.

      MLS-logo-horizontal-color-01

      For an app to provide end-to-end encryption, it needs an extra layer of cryptography that sets up encryption keys among the devices participating in a conversation, so that these devices can encrypt users’ data in a way that cloud services can’t decrypt. Before MLS, there was no open, interoperable specification for this extra layer. MLS fills this gap, providing a system that is completely specified, formally verified, and easy for developers to use.

      MLS builds on the best lessons of the current generation of security protocols. Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as Post-Compromise Security. And, like TLS 1.3, MLS provides robust authentication, and its security properties have been verified by formal analyses. MLS combines the best features of these predecessors, and adds on features like efficient scaling to conversations involving thousands of devices without sacrificing security.

      Draft versions of MLS have been deployed at scale to protect sensitive real-time conversations in Webex and RingCentral communications products. These early deployments provide validation of MLS’s ability to work well in real-world scenarios, at the scale of major communications services. Other apps, such as Wire, Wickr and Matrix, are planning to transition to MLS, and the IETF MIMI working group expects to use MLS as the end-to-end encryption layer in their solution for interoperable messaging.

      This is just the beginning for MLS, though. There are already a handful of MLS implementations, including multiple open-source implementations. But, more implementations will make it easier to use MLS in more places. Likewise, more deployments will provide valuable lessons on how future versions of MLS need to improve. And while MLS is a major piece of the end-to-end security story, there are still important pieces yet to be written, for example, creating a strong identity that can integrate with MLS’s authentication system and secrets management systems that help users have a more seamless experience.


      Share this page