Technical Summary
This document describes a general secure group messaging infrastructure and its security goals. It provides guidance on building a group messaging system and discusses security and privacy tradeoffs offered by multiple security mechanisms that are part of the MLS protocol (e.g., frequency of public encryption key rotation)
The document also provides guidance for parts of the infrastructure that are not standardized by the MLS Protocol document and left to the application or the infrastructure architects to design.
While the recommendations of this document are not mandatory to follow in order to interoperate at the protocol level, they affect the overall security guarantees that are achieved by a messaging application. This is especially true in case of active adversaries that are able to compromise clients, the delivery service, or the authentication service.
Working Group Summary
Since the WGLC messages of the MLS architecture and MLS protocol went out at once, most people responded only to the mls-protocol one with comments for both.
There was broad consensus within the WG. Not much controversy even with the foreknowledge that the mls-archictecture I-D was the framing to make sure the security protections offered were achieved.
Document Quality
There are some minor issues that came out on the secdir / art reviews that have been mostly addressed, but might require another clarifying sentence or two.
Note that while this document is the architecture upon with the mls protocol is based, the MLS protocol itself already has a number of implementations (openmls, cisco)
Personnel
Sean Turner is the Shepherd, Paul Wouters is the responsible AD.