37C3 - RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security

Security

Discover how RFC 9420 and Messaging Layer Security (MLS) enable scalable end-to-end encryption for large groups, ensuring confidentiality, authentication, and post-compromise security through tree-based key updates and extensible design.

Key takeaways
  • MLS (Messaging Layer Security) is designed to scale end-to-end encryption for large groups
  • PCS (Post-compromise Security) ensures that even if a key is compromised, the attacker cannot read past messages
  • MLS uses a tree structure to manage key updates, scaling logarithmically
  • The protocol is designed to be extensible and adaptable to different use cases
  • Implementation in Rust, C++, and Go is underway
  • MLS is being standardized through the ITF (Internet Transport Forum)
  • MLS achieves forward secrecy, ensuring that even if a key is compromised, messages sent after the compromise cannot be decrypted
  • MLS is designed to be forward-looking, with post-quantum resistance and extension to other use cases
  • Confidentiality and authentication are ensured through key updates and encryption
  • MLS is being implemented by industry leaders, including Wire and Google
  • AMS is being tested in production environments

More talks

VCs in the Baltics: Saviors or Sharks? Panel moderated by Jone Vaituleviciute / FIRSTPICK

SAINTCON 2023 - James Cabe - Building an Isolated Recovery Environment

Donal McBreen - Solid Cache: A disk backed Rails cache - Rails World 2023

Powering Energy Storage Beyond Excel with Calvin Hendryx-Parker

SAINTCON 2016 Keynote - Georgia Weidman - Nine years into mobility, has security caught up?

Awful APIs: A History Lesson in Painful Industry Mistakes - Jim Seconde

Andres Freund: The path to using AIO in postgres (PGConf.EU 2023)

Ives van Hoorne - Making Development More Visual