The Messaging Layer Security (MLS) Extensions

	draft-ietf-mls-extensions-08.txt
	Date:	21/07/2025
	Authors:	Raphael Robert
	Working Group:	Messaging Layer Security (mls)

The Messaging Layer Security (MLS) protocol is an asynchronous group authenticated key exchange protocol. MLS provides a number of capabilities to applications, as well as several extension points internal to the protocol. This document provides a consolidated application API, guidance for how the protocol's extension points should be used, and a few concrete examples of both core protocol extensions and uses of the application API.

Amortized PQ MLS Combiner

	draft-ietf-mls-combiner-02.txt
	Date:	22/10/2025
	Authors:	Xisen Tian, Britta Hale, Marta Mularczyk, Joel
	Working Group:	Messaging Layer Security (mls)

This document describes a protocol for combining a traditional MLS session with a post-quantum (PQ) MLS session to achieve flexible and efficient amortized PQ confidentiality and authenticity that amortizes the computational cost of PQ Key Encapsulation Mechanisms and Digital Signature Algorithms. Specifically, we describe how to use the exporter secret of a PQ MLS session, i.e., an MLS session using a PQ ciphersuite, to seed PQ guarantees into an MLS session using a traditional ciphersuite. By supporting on-demand traditional-only key updates (a.k.a. PARTIAL updates) or hybrid-PQ key updates (a.k.a. FULL updates), we can reduce the bandwidth and computational overhead associated with PQ operations while meeting the requirement of frequent key rotations.

MLS Targeted Messages

	draft-robert-mls-targeted-messages-00.txt
	Date:	03/07/2025
	Authors:	Raphael Robert
	Working Group:	Messaging Layer Security (mls)

MLS targeted messages allow sending encrypted messages to a specific member of an MLS group.

ML-KEM and Hybrid Cipher Suites for Messaging Layer Security

	draft-ietf-mls-pq-ciphersuites-00.txt
	Date:	25/07/2025
	Authors:	Rohan Mahy, Richard Barnes
	Working Group:	Messaging Layer Security (mls)

This document registers new cipher suites for Messaging Layer Security (MLS) based on "post-quantum" algorithms, which are intended to be resilient to attack by quantum computers. These cipher suites are constructed using the new Module-Lattice Key Encapsulation Mechanism (ML-KEM), optionally in combination with traditional elliptic curve KEMs, together with appropriate authenticated encryption, hash, and signature algorithms.

Partial MLS

	draft-ietf-mls-partial-00.txt
	Date:	02/09/2025
	Authors:	Franziskus Kiefer, Karthikeyan Bhargavan, Richard Barnes, Joel, Marta Mularczyk
	Working Group:	Messaging Layer Security (mls)

The Messaging Layer Security (MLS) protocol provides efficient asynchronous group key establishment for large groups with up to thousands of clients. In MLS, any member can commit a change to the group, and consequently, all members must download, validate, and maintain the full group state, which can incur a significant communication and computational costs, especially when joining a group. This document defines an MLS extension to support "partial MLS clients" that don't undertake these costs. A partial client cannot commit changes to the group, and only has partial authentication information for the other members of the group, but is otherwise able to participate in the group. In exchange for these limitations, a partial MLS client can participate in an MLS group with significantly lower requirements in terms of download, memory, and processing.

Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Messaging Layer Security (mls)

WG	Name	Messaging Layer Security
	Acronym	mls
	Area	Security Area (sec)
	State	Active
	Charter	charter-ietf-mls-02 Approved
	Status update	Show Changed 2018-11-07
	Document dependencies	Document dependencies Loading... Pan and zoom the dependency graph after the layout settles. Show legend Loading...
	Additional resources	GitHub organization Issue tracker Wiki Zulip Stream
Personnel	Chairs	Nick Sullivan, Sean Turner
	Area Director	Paul Wouters
Mailing list	Address	mls@ietf.org
	To subscribe	https://www.ietf.org/mailman/listinfo/mls
	Archive	https://mailarchive.ietf.org/arch/browse/mls/
Chat	Room address	https://zulip.ietf.org/#narrow/stream/mls

Charter for Working Group

The Messaging Layer Security (MLS) protocol, RFC 9420, specifies a key
establishment protocol that provides efficient asynchronous group key
establishment with forward secrecy (FS) and post-compromise security (PCS)
for groups in size ranging from two to thousands.

The MLS WG will maintain the protocol and will work on the
following MLS protocol extensions:

Support for use of MLS in protocols developed by the MIMI working group
Support for new credential types
Support for common operational patterns in messaging applications
Support for quantum resistance
Framework for safe extensibility
Detection of lost application messages
Support for sending messages to individual members of a group

Many of the extensions to support these features will be included in
draft-ietf-mls-extensions, but some of the extensions will be published in
separate specifications.

Milestones

Date	Milestone	Associated documents
Dec 2026	Post Quantum security for MLS	draft-ietf-mls-combiner
Dec 2025	Submit Additional Credentials I-D to IESG as Proposed Standard	draft-barnes-mls-addl-creds
Aug 2025	Submit MLS extensions I-D to IESG as Proposed Standard	draft-ietf-mls-extensions