{"draft":"draft-ietf-mls-architecture-15","doc_id":"RFC9750","title":"The Messaging Layer Security (MLS) Architecture","authors":["B. Beurdouche","E. Rescorla","E. Omara","S. Inguva","A. Duric"],"format":["HTML","TEXT","PDF","XML"],"page_count":"41","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Messaging Layer Security","abstract":"The Messaging Layer Security (MLS) protocol (RFC 9420) provides a\r\ngroup key agreement protocol for messaging applications. MLS is\r\ndesigned to protect against eavesdropping, tampering, and message\r\nforgery, and to provide forward secrecy (FS) and post-compromise\r\nsecurity (PCS).  \r\n\r\nThis document describes the architecture for using MLS in a general\r\nsecure group messaging infrastructure and defines the security goals\r\nfor MLS.  It provides guidance on building a group messaging system\r\nand discusses security and privacy trade-offs offered by multiple\r\nsecurity mechanisms that are part of the MLS protocol (e.g.,\r\nfrequency of public encryption key rotation). The document also\r\nprovides guidance for parts of the infrastructure that are not\r\nstandardized by MLS and are instead left to the application.\r\n\r\nWhile the recommendations of this document are not mandatory to\r\nfollow in order to interoperate at the protocol level, they affect\r\nthe overall security guarantees that are achieved by a messaging\r\napplication. This is especially true in the case of active\r\nadversaries that are able to compromise clients, the Delivery Service\r\n(DS), or the Authentication Service (AS).","pub_date":"April 2025","keywords":["security","authenticated key exchange","end-to-end encryption"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9750","errata_url":null}