Mastodawn

@jesseplusplus @boris do either of you know Signal’s position on MLS?

@heapwolf @jesseplusplus haven’t looked into it. MLS is about secure handshakes, not necessarily the entire messaging application. It doesn’t mean Signal would automatically interop with other encrypted messengers.

I’m bullish on MLS and we @fission have some work to do to go back and remove the custom stuff we built, because integrating a supported MLS library will mean less maintenance for us, plus more security if it’s widely used / tested / audited.

@boris @jesseplusplus @fission I’m a bit unclear on what you’re saying, did you just say you haven’t looked into it?

@heapwolf MLS good, still doesn’t do interop without more work, Signal adopting it likely not going to happen, although the latter is just a feeling on my part.

@boris I’m still not totally sure I understand 😂 but we’ve implemented HPKE and we’re implementing MLS over P2P. Anyway, the reason I asked was, MLS comes from async ratchet trees, and those came from double ratchet, and most of the associated cost they seem to face is the sync nature of double ratchet.

@heapwolf we made a skip ratchet https://eprint.iacr.org/2022/1078

Skip Ratchet: A Hierarchical Hash System

@boris I just briefly read the paper, it seems like the big trade-off is between post-compromise security and permisionless key agreement. But it also talks about distributing a new ratcheted the list every i steps, that implicates it may have some synchronous properties. I need to dig in. Looks interesting. I won’t say you’re wrong about MLS — I’m still unclear what you mean by “interop” though.

@heapwolf MLS by itself doesn’t mean chat service A can interop with chat service B

@boris I don’t think i or anyone else had that expectation.

@boris my only expectation from MLS is an algorithm for asynchronously securing group messages — perfect forward and post compromise

Jesse Karmani Nov 16, 2023

@heapwolf @boris I don’t, sorry.