Comment by goferito
2 years ago
What is the difference with the Matrix protocol? Matrix is already open-source, there are libraries publicly available that implement it, both for clients and serves, in different languages. Why not just adopting it?
2 years ago
What is the difference with the Matrix protocol? Matrix is already open-source, there are libraries publicly available that implement it, both for clients and serves, in different languages. Why not just adopting it?
The Matrix spec defines everything about how communication should happen—port discovery, federation, transport, wire formats, encodings, schemas, addresses for people, group membership, reconciliation of parallel histories, ..., and, yes, end-to-end cryptography. MLS is just the end-to-end cryptography part, how to turn it into bits, and a general idea of where the underlying network should deliver those bits. Nothing about how the delivery is accomplished or how to format the user data that’s protected by the cryptography.
The corresponding part of Matrix is called Olm (for two-party conversations) and Megolm (for groups). Why (a Matrix mapping of) MLS and not those then? The Matrix people, who did have a hand in MLS, say[1] it performs better than Megolm, and IIRC Megolm is indeed something of a hack on top of plain Olm, because E2EE on Matrix has been built up gradually starting from the simpler two-party case. Unfortunately, it looks like MLS as specified is insufficient for Matrix, because it relies on a global clock—which you can’t get in a partition-tolerant federation—but they think that should eventually be solvable[2].
[1] https://matrix.org/blog/2023/07/a-giant-leap-with-mls/
[2] https://gitlab.matrix.org/matrix-org/mls-ts/-/blob/decentral...
Decentralisation-friendly MLS is working well already as a proof-of-concept in Matrix - check out the Implementation section of https://arewemlsyet.com :)
You can have a global clock courtesy of the US space force.
The “clock” is in the distributed systems sense—a monotonically increasing integer on all participating machines, and the whole system is wrecked beyond repair if it ever decreases. Any resemblance to physical quantities is purely coincidental.
(Equivalently, a supply of totally ordered gremlins with the ability to obtain a gremlin greater than any you’ve seen, and things blow up if any of them are ever actually incomparable.)
It’s possible to build this atop a GNSS[1], but it’s quite expensive.
[1] https://www.usenix.org/conference/osdi-06/chubby-lock-servic...
The section: How is MLS different from existing protocols?
> Secure messaging protocols in use today were designed as one-to-one protocols [...] In contrast, MLS typically has costs of O(log n) for the same scenario, making it well-suited even for large groups.
One big difference is that the authors of this protocol have probably spent a lot of time at IETF meetings
You said that like it’s a bad thing?
Depends on the group. For example, IKE was a protocol that passed by making everyone equally unhappy.