Messaging Layer Security: Secure and Usable End-to-End Encryption

29 Mar 2023

The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.

For an app to provide end-to-end encryption, it needs an extra layer of cryptography that sets up encryption keys among the devices participating in a conversation, so that these devices can encrypt users’ data in a way that cloud services can’t decrypt. Before MLS, there was no open, interoperable specification for this extra layer. MLS fills this gap, providing a system that is completely specified, formally verified, and easy for developers to use.

MLS builds on the best lessons of the current generation of security protocols. Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as Post-Compromise Security. And, like TLS 1.3, MLS provides robust authentication, and its security properties have been verified by formal analyses. MLS combines the best features of these predecessors, and adds on features like efficient scaling to conversations involving thousands of devices without sacrificing security.

Draft versions of MLS have been deployed at scale to protect sensitive real-time conversations in Webex and RingCentral communications products. These early deployments provide validation of MLS’s ability to work well in real-world scenarios, at the scale of major communications services. Other apps, such as Wire, Wickr and Matrix, are planning to transition to MLS, and the IETF MIMI working group expects to use MLS as the end-to-end encryption layer in their solution for interoperable messaging.

This is just the beginning for MLS, though. There are already a handful of MLS implementations, including multiple open-source implementations, but more implementations will make it easier to use MLS in more places. Likewise, more deployments will provide valuable lessons on how future versions of MLS need to improve. And while MLS is a major piece of the end-to-end security story, there are still important pieces yet to be written: for example, a strong identity system that can integrate with MLS’s authentication system, and secrets management systems that help users have a more seamless experience.

