Free Trial
Contact Us
Podcast

Root Causes 329: What Is Messaging Layer Security?

Hosted by
Tim Callan
Tim Callan
Chief Compliance Officer
Jason Soroko
Jason Soroko
Fellow
Original broadcast date
August 29, 2023

The recently published Messaging Layer Security (MLS) protocol establishes key exchange protocols for participants in a simultaneous communication session for three or more participants. We explain its significance and possible futures for this standard.

Podcast Transcript

Lightly edited for flow and brevity.
Tim CallanTim CallanSo we have an interesting development and I think this is probably the first time we've ever talked about this, but there is a new RFC from the IETF. This is a proposed standard that went from draft form into proposed form in July of 2023 and it's RFC 9420, aka, the Messaging Layer Security (MLS) protocol. The Messaging Layer Security protocol. So sounds intriguing. What is this, Jason?
Jason SorokoJason SorokoYes. MLS. Hey, sounds a little like TLS. I wonder if that was on purpose? I bet you it was. Let's put this into its context.

There have been messaging protocols for a while now and some of them are proprietary, and they belong to the big tech companies. I use Apple's iMessage fairly often and that's an example of this. But let's go all the way back. I think that you could, back in the day, have used something like PGP, Tim? Which is something that maybe one of these days, we will do a podcast. The reason Tim's laughing is because we've been planning that one for quite a while.
Tim CallanTim CallanEvery once in a while. Yes. Go back to many old episodes where we discuss this, but go on, Jason.
Jason SorokoJason SorokoAnd of course, it had its extremely positive sides. It also had its downsides to usability. And this is part of what we're going to prove in the podcast. So I think that also we can't talk about any of this without talking about OTR protocol, off the record protocols, but I think one that kind of made a lot of waves was Signal. The Signal protocol.

Which really, really started to make things easy and secure. Offline communications was something that was different, but I think one of the things that really was big about it was the fact that there was a lot of uptake on it. I remember when WhatsApp first talked about implementing Signal at its underneath it, I was like, wow, geez, that's kind of a big deal. And there are others as well who have moved off of their own either proprietary protocols or older protocols and moved to Signal.

But you know what none of them did great, Tim, and in fact, even Apple iMessage wasn't great for this until not long ago, and it was a tough problem to solve, was things such as group communications.

And so I think what's different here is group communications, the fact that there's the implementation is in a full blown RFC. It's not just something that was created and it is, you know, I haven't delved into this. I have to admit mea culpa to anybody listening who might see this as a mistake. I'll say something that I haven't double and triple checked. But, the open source licensing for this is going to be great so that people can really start to adopt this implementation that's being standardized here. But, we talked about Rust in previous podcasts, and we talked about how Rust is great, in the sense that it helps - - the whole purpose - - well, one of the purposes of using it is that bugs that are introduced by coding practices and other low level languages can sometimes lead to things like buffer overflows and bugs that are found later on. Imagine if this thing takes off, Tim, and it gets implemented by all these different people who knows, maybe all of us around the world might be using MLS to chat with each other in a secure way. Imagine if there was some bug and oh my goodness. That would be an oh my goodness moment. Well, there apparently, and this is what I haven't triple checked, reference implementation within Rust is kind of an interesting development here.
Tim CallanTim CallanOk. So, let's make sure we're being clear. So, a two way key exchange is very, very well established. If you and I have a two part connection that occurs like, for instance, in a TLS connection, then that's a two way key exchange, that stuff has been in place for a long time. It's very robust. It works very well. It's efficient. It ticks all the boxes. What's special in this case is that it's a key exchange between more than two points, which is fundamentally more different and more different, fundamentally different, and the more participants you have in that group dialogue, the more inefficient the key exchange becomes, right, because it increases multiplicatively, or worse. And so in that sense, having a key exchange that is still secure and effective and error proof is really what's the objective here. Is that correct?
Jason SorokoJason SorokoI think that's part of it, Tim. It is definitely a part of it. I think that what they have achieved here, and I'm going to point you guys to a blog post on The Stack. I'll read out the title to you RFC 9420, aka Messaging Layer Security [MLS] – An Overview. This is Raphael Robert, July 18 2023. Go look for that. Really, really great write up about what it is and how it's different. And I think what is being explained here, a little bit of math for you, you can imagine, Tim, just with what you just said the sender of a message has to in a multipoint kind of communication, a group communication, will have to upload a message for every other group member.

The number of members in a group exponentially creates work that has to be done in terms of encryption. And what MLS is able to do here is instead of being exponential, this is a logarithmic relationship of complexity as you add members to the group and so therefore, as it says, in the article, I'll read it right off, it makes it very well suited, even for large groups. And so, obviously, there's just a ton of work that has been done inside of here. We can get into maybe in a future podcast, we'll get right into the mechanism. But I think there's some real clever work that has gone on into this implementation.
Tim CallanTim CallanGot it. So ok. Great. So what happens now? So this is a proposed standard. What are the next steps with something like this?
Jason SorokoJason SorokoI think that you could always kick the can and move towards the next level. But the RFC state that this is in right now, I think still is going to be going through a standardization process to bring it to a final. So there's another phase that it will have to go through. But, on the other hand, I think that where you're at is, you know, there's quite a bit of stability now in terms of the standard. And so it's not a final standard, but it's at the point where you can imagine a lot of people who have messaging in their applications, or people who are the startups of tomorrow, who will be building this in, will be looking at this very, very carefully.

And Tim, I think one point that needs to be made here, of course, you always got to talk about the 800-pound gorillas, but I do believe, I do believe, that Google messages will be implementing MLS, which is going to be a huge shot in the arm for it.
Tim CallanTim CallanOk. You bet. And so at a bare minimum, even if the standard is going to be finalized, oftentimes with these kinds of things, you can start work. If you have a good idea of the basic format and framework for what you're going to be working with, there's a lot of good development work that can be done. Product specifications can be made, people need to get a sense for a capacity. There's a whole lot of work that can be done, even if there are tiny little nitpicky things that need to be resolved. And maybe you can't go all the way to production code, but you may be able to get far down the path and I could imagine somebody who intends to use MLS to go ahead and be starting a project, knowing in confidence that those issues will be settled by the time you need them.
Jason SorokoJason SorokoThere's a Google security blog titled, An Important Step Towards Secure and Interoperable Messaging, dated July 19, 2023, and let me read off one of the sentences to you here, Tim.

There's a whole lot of preamble which touts MLS, and it ends with: “This is why we intend to build MLS into Google messages and support its wide deployment across the industry by open sourcing our implementation in the Android codebase.” Guess what? That means the MLS is gonna become a big deal.
Tim CallanTim CallanThere you go. And, fine. I mean, once it's open sourced, it makes it so much easier for everybody else to do the same thing. That's great.

So, all right. Well, that's good. I think that's an interesting development and exciting to hear about and it sounds like it's generally going to be a step up in security and performance for messaging across the ecosystem.
Jason SorokoJason SorokoThanks a lot, Tim. It was an interesting topic, and we'll probably be talking more about this in the future.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!

Listen on Apple PodcastsListen on SpotifyListen on SoundCloud