**Session Date/Time:** 18 Mar 2025 06:00 ```markdown # mls ## Summary This MLS meeting covered a variety of topics, including insider replay attack mitigations, updates on working group drafts (architecture, combiner, extensions), and presentations of individual drafts potentially for adoption (MLS Light, Distributed MLS, Decentralized MLS, Nodal E2E definition). Key discussions centered on security tradeoffs, adoption of new cipher suites, and the scope and applicability of various drafts. ## Key Discussion Points * **Insider Replay Attacks:** Akshaya presented on insider replay attacks and potential mitigations, including signing the generation in the AEAD or adding a unique counter in the application layer. Privacy implications of signing the generation were discussed. * **MLS Architecture Draft:** Update on the architecture draft being in Off-48 and the process for incorporating late-stage PRs. * **MLS Extensions Draft:** Rowan discussed the refactoring of extensions, introducing the concept of application components and app data dictionaries, aiming for a cleaner API. * **New Cipher Suites:** Richard proposed new cipher suites for ML Chem and hybrid ML Chem, focusing on combinations of ML Chem 768 with NIST curves and different security levels. Debate arose regarding the hash function (SHA-2 vs. SHA-3) and KDF to use. The overall goal was to provide additional options for post-quantum security. * **Selective Disclosure Web Tokens:** Rowan presented on SD JOT and SD KOT for MLS credentials, highlighting their use with pseudonyms and compacted representation. * **Hybrid Combiner Draft:** Britta provided an update, noting that the draft had been adopted and discussing expanded scenarios for security considerations. * **MLS Light:** Richard presented MLS Light, a draft focused on enabling faster join times and lower resource utilization at the cost of potential loss of authentication guarantees. Discussions centered on security risks. * **Distributed MLS:** Mark presented distributed MLS, where participants independently manage MLS groups and exchange pre-shared keys for PCS updates. Open question on how to properly model security. * **Decentralized MLS:** Conrad presented a decentralized MLS approach that uses punctual PRFs for better forward secrecy during network splits. Focuses on client driven recovery. * **Nodal E2E Definition:** Mallory discussed the Nodal E2E definition draft and why it may belong in the MLS WG. ## Decisions and Action Items * **MLS Architecture Draft:** Editors to merge approved PRs. AD will be consulted on whether a new working group last call is necessary. * **MLS Extensions Draft:** Expect a working group last call. * **New Cipher Suites Draft:** Group agreed with the general combinations. Richard to continue working on the draft and get feedback from CFRG experts on hash function and KDF choice. Plan to run an adoption call. * **Hybrid Combiner Draft:** Aiming for last call soon. * **MLS Light:** Working group to run an adoption call, keeping in mind security concerns and the need for clear warning labels. The draft will remain separate from split commit at this time. * **Distributed MLS:** Keep working on it, others will review. * **Nodal E2E Definition:** Discuss more on the mailing list before any potential adoption call. Look for broader IETF guidance on best place for the charter. ## Next Steps * Continue discussions on the mailing lists for individual drafts. * Address feedback and incorporate changes into drafts. * Prepare drafts for working group last call or IETF last call as appropriate. * Coordinate with AD on next steps for architecture draft. * Schedule adoption calls for various individual drafts.