Comment by raphaelrobert

MLS and blog author here. I've been a proponent of deniability within the MLS WG and there have been quite a few online and offline discussion about it. Personal opinions aside, deniability remains a divisive property. Some people think it is important, many people do not care about it, and a few even think it is harmful. That sets it apart from properties like say confidentiality that is far more appealing to most people. It also remains largely theoretical, in that the lack of deniability hasn't had tangible negative consequences so far (the DKIM case aside, but that doesn't translate 1:1 to messaging). Deniability is also used as a colloquial term, when there is much more nuance to it (what exactly is deniable? what capabilities does the attacker have? etc.). Finally, deniability in protocols like Signal clearly have limitations and can be circumvented with moderate effort as explained in [1]. So the reason why deniability didn't make it into core MLS is rather banal: there was not enough traction.

That being said, there has been a low key effort to come up with an extension to MLS to introduce some notion of deniability. It is not published yet, but I will probably talk more about it at the upcoming MLS session at IETF117.

[1] https://asokan.org/asokan/research/deniability.pdf