Markdown Version | Session Recording

Session Date/Time: 25 Jul 2025 12:30

mls

Summary

The MLS working group session at IETF 123 covered several topics, including MLS Extensions, Targeted Messages, Flexible Hybrid Combiners (now Post-Quantum MLS with Advertised Overhead), PQ Cipher Suites, drafts used by MiMe, leaf operations, and an MLS/QUIC integration proposal. Discussions focused on implementation status, potential adoption of new drafts, and security considerations.

Key Discussion Points

• MLS Extensions: The group discussed the status of the MLS extensions draft (draft-08) and the lack of complete implementations. It was decided to proceed with a working group last call but to hold off on moving the draft forward until more implementations and feedback are received.
• Targeted Messages: A proposal to adopt the Targeted Messages draft as a separate document was discussed. Since the content was originally part of the MLS extensions document, the chairs will do an adoption call.
• Flexible Hybrid Combiners (Post-Quantum MLS with Advertised Overhead): The draft was renamed "Post-Quantum MLS with Advertised Overhead". The group is looking for more reviewers and implementers. Rafael offered to implement.
• PQ Cipher Suites: The group discussed the cipher suites included in the PQ document. Quinn Deng suggested including smaller cipher suites for constrained environments (ML Chem 512 and MLDSA 44). Richard Barnes asked about the need for pure ML Chem + non-MLDSA suites. Stavros had questions about the KDF/Hash usage in the combiner.
• Drafts used by MiMe: The group discussed the usage of MLS extensions, ratchet tree options, and semi-private messages in the MiMe protocol. A working group adoption call will be performed for ratchet tree options.
• Leaf Operations (Intents): Conrad presented a proposal for "intents," a mechanism to allow offline self-removal from MLS groups. Samir expressed concerns about the lack of multi-device support, while others offered alternate solutions and highlighted different potential use cases for such functionality.
• Quick and MLS: A proposal to integrate MLS into QUIC as a key establishment mechanism was presented. Discussion covered the benefits of MLS for asynchronous communication and post-compromise security, as well as concerns about the implications of introducing a multi-party key exchange protocol into a pairwise protocol.

Decisions and Action Items

• Decision: Proceed with a working group last call for MLS Extensions, but hold the document until more implementations are available.
• Decision: Do an adoption call for the Targeted Messages draft.
• Decision: Do an adoption call for the ratchet tree options draft.
• Action Item: Rafael will implement the "Post-Quantum MLS with Advertised Overhead" draft.
• Action Item: John Gray will review the "Post-Quantum MLS with Advertised Overhead" draft.
• Action Item: Chairs to send the Ratchet Tree Options and Targeted Messages adoption calls by Monday.

Next Steps

• Authors of "Post-Quantum MLS with Advertised Overhead" to incorporate feedback and prepare for working group last call.
• Working group to monitor the implementation status of MLS Extensions and address any issues raised during the last call.
• Continued discussion of leaf operations (intents) on the mailing list, considering the feedback received.