**Session Date/Time:** 21 Mar 2024 23:30

# mls

## Summary

The MLS working group met to discuss several active working group drafts, individual drafts, and new ideas. A primary focus was resolving the remaining issue in the MLS Architecture draft so that it can be finalized and advanced to IETF last call. The meeting also covered post-quantum hybrid designs, MLS credentials, MIMI-related drafts, virtual clients, and paradigm loss.

## Key Discussion Points

* **MLS Architecture Draft - Cryptographic Group Operations:** Two options were presented for the recommendation on cryptographic group operations: change the recommendation, or remove it and provide additional context instead. The group leaned towards landing pull request 246, which adds explanatory text and removes the recommendation.
* **Post-Quantum MLS:** Three approaches were discussed: hybrid KEMs, session combiners, and key-per-node. The group leaned towards approach 1 (hybrid KEMs) for its simplicity. Authenticity (signatures) was raised as a separate consideration, including whether hybrid or PQ-only signature suites are needed. Protecting key packages and authenticating messages were emphasized as requirements of any design.
* **MLS Credentials:** A reminder about the MLS Credentials draft was presented, highlighting the desire for verifiable credentials and the ability to present multiple credentials. The adoption call was positive.
* **MLS Extensions:** Potential extensions were discussed, including key package context, a self-remove proposal, and adding the ratchet tree extension. Key package context aims to let a client set conditions on how its key package may be used. The group also discussed handling pending proposals generically.
* **AppSync:** A proposal for application state synchronization (AppSync) was presented, covering how state changes are communicated between applications and MLS. A key open question is whether the state imported into MLS should be intelligible to MLS or opaque.
* **Light Clients:** A draft on light clients, a variant of MLS client that does not download or keep the ratchet tree, was presented. The aim is to improve scalability and reduce memory requirements. Security considerations were noted: without the tree, such a client has reduced authentication guarantees.
* **Virtual Clients:** The concept of virtual clients, where multiple MLS clients collaborate to act as a single higher-level MLS client, was revisited. The challenge is ensuring that application messages from the several clients that make up one virtual client do not reuse keys and nonces. Three solutions were proposed: allotting generation ranges to clients, a puncturable PRF approach, and relying on the delivery service (DS) to prevent collisions.

## Decisions and Action Items

* **MLS Architecture Draft:** Land pull request 246.
* **MLS Credentials:** Re-issue the adoption call to satisfy process, since the ISG requirement on the Architecture document is about to be met.
* **Post-Quantum MLS:** Focus on approach 1 (hybrid KEMs).
* **Virtual Clients:** Continue the discussion on the mailing list and potentially schedule an interim meeting.

## Next Steps

* Ecker to merge pull request 246 for the MLS Architecture Draft, followed by an ISG review after SAG.
* Britta to continue engaging the list to drive clarity and consensus on the preferred post-quantum design.
* Conrad to take the discussion on virtual clients to the mailing list.
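As an added illustration of the key and nonce reuse problem raised under Virtual Clients, and of the first proposed fix (allotting generation ranges), the following Python is example code written for these minutes, not code from any MLS implementation or draft. It models the RFC 9420 per-leaf hash ratchet with HKDF-Expand over SHA-256; the KDFLabel encoding is abbreviated, the per-message reuse_guard is omitted, and the leaf secret, client count and range size are constructed inputs.

```python
from __future__ import annotations

import hashlib
import hmac
import itertools

HASH_LEN = 32    # SHA-256 output length; also the ratchet secret length
KEY_LEN = 16     # AEAD key length (AES-128-GCM)
NONCE_LEN = 12   # AEAD nonce length (AES-128-GCM)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_tree_secret(secret: bytes, label: bytes, generation: int, length: int) -> bytes:
    """Simplified DeriveTreeSecret(secret, label, generation, length).

    RFC 9420 routes this through ExpandWithLabel with a TLS-encoded KDFLabel;
    the encoding here is an abbreviation (assumption), the inputs are the same.
    """
    info = length.to_bytes(2, "big") + b"MLS 1.0 " + label + generation.to_bytes(4, "big")
    return hkdf_expand(secret, info, length)


def ratchet_keys(leaf_secret: bytes, generation: int) -> tuple[bytes, bytes]:
    """Walk one leaf's hash ratchet to `generation`; return its (key, nonce).

    As in RFC 9420: ratchet_secret[n+1] = DeriveTreeSecret(ratchet_secret[n], "secret", n),
    and the key/nonce for n come from ratchet_secret[n]. The random 4-byte reuse_guard
    MLS XORs into the nonce is omitted: it leaves the key unchanged and only lowers the
    chance that two senders at the same generation share a nonce from 1 to 2^-32 per pair.
    """
    secret = leaf_secret
    for n in range(generation):
        secret = derive_tree_secret(secret, b"secret", n, HASH_LEN)
    key = derive_tree_secret(secret, b"key", generation, KEY_LEN)
    nonce = derive_tree_secret(secret, b"nonce", generation, NONCE_LEN)
    return key, nonce


def generation_ranges(num_clients: int, per_client: int) -> dict[int, range]:
    """Allot disjoint generation ranges to the clients that share one leaf.

    Client i may use generations [i*per_client, (i+1)*per_client). The allotment only
    has to hold within an epoch: every Commit re-derives the secret tree and restarts
    each leaf's generation counter at 0.
    """
    return {i: range(i * per_client, (i + 1) * per_client) for i in range(num_clients)}


def ranges_are_disjoint(ranges: dict[int, range]) -> bool:
    """Check an allotment before using it: no generation claimed by two clients."""
    seen: set[int] = set()
    for r in ranges.values():
        if seen.intersection(r):
            return False
        seen.update(r)
    return True


def simulate_sends(leaf_secret: bytes, num_clients: int, msgs_per_client: int,
                   allocate: bool) -> list[dict]:
    """Have every client behind the leaf send msgs_per_client messages.

    allocate=False: each client keeps its own counter from 0, as a naive port of
    single-client code would. allocate=True: generations come from the disjoint ranges.
    """
    if allocate:
        counters = {i: iter(r) for i, r in generation_ranges(num_clients, msgs_per_client).items()}
    else:
        counters = {i: itertools.count(0) for i in range(num_clients)}
    records = []
    for client in range(num_clients):
        for m in range(msgs_per_client):
            gen = next(counters[client])
            key, nonce = ratchet_keys(leaf_secret, gen)
            records.append({"client": client, "generation": gen, "key": key,
                            "nonce": nonce, "plaintext": f"client {client} msg {m}".encode()})
    return records


def find_key_nonce_reuse(records: list[dict]) -> dict[int, list[int]]:
    """Map generation -> clients for every (key, nonce) pair used by more than one client.

    Two different plaintexts under one AEAD (key, nonce) is the failure mode the
    virtual-client discussion is about; an empty result means no reuse occurred.
    """
    by_pair: dict[tuple[bytes, bytes], dict] = {}
    for rec in records:
        entry = by_pair.setdefault((rec["key"], rec["nonce"]),
                                   {"generation": rec["generation"], "clients": []})
        entry["clients"].append(rec["client"])
    return {e["generation"]: sorted(e["clients"]) for e in by_pair.values()
            if len(e["clients"]) > 1}


if __name__ == "__main__":
    leaf = bytes(range(HASH_LEN))   # constructed leaf secret; real ones come from the secret tree
    print("naive counters :", find_key_nonce_reuse(simulate_sends(leaf, 3, 3, allocate=False)))
    print("allotted ranges:", find_key_nonce_reuse(simulate_sends(leaf, 3, 3, allocate=True)))
```

With naive counters every client derives the same (key, nonce) for generation 0, 1 and 2, so three plaintexts share each AEAD pair; with allotted ranges the nine messages use nine distinct generations and no pair repeats. A client that exhausts its allotment needs a fresh allotment or a Commit, never a neighbour's generations. The puncturable PRF and DS-enforced options from the meeting are not modelled here.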