Messaging Layer Security has just been officially standardized by the , this is a great new development, especially in combination with standard protocols like and . blog.phnx.im/rfc-9420-mls/ 1/

One big concern I have about over something like Protocol is that it makes it so the cost of sending a message to a group of 10 is about the same as sending to a group of 1000 or more. This is the opposite of how physical social interaction works, it is much more effort to speak in front of large groups. This gives advantage to spam, disinfo, trolling, etc. as compared to protocols where the cost linearly increases as the number of users in the group increases. 2/

Show thread

On the other hand, includes "Group Integrity", which means that all members in a group see the same state. This means all members see the same list of members, same message transcript, same message order, etc. Protocol does not guarantee Group Integrity. I think this is an important property, but I wonder how much this was actually abused in the real world with other protocols? 3/

Show thread

@eighthave
This is actually one of the most important improvements over the Signal protocol. The scalability is great, but from a pure security point of view, group integrity is the real news.

Follow

@rene_mobile In theory, it sounds great. I'm still curious to see how much it will affect real world communications. I haven't really heard about exploits to Signal's lack of Group Integrity.

@eighthave
I wonder if there would be a way to effectively detect comprises, though.

@rene_mobile I can't think of a technical measure to detect any compromise, but it would surely be possible to detect compromise using other evidence. For example, someone suspects foul play, they ask group members they trust to let their devices be forensically inspected. Then any differences between the group transcripts should be clear upon visual inspection, and probably provable based on an export of Signal history from the devices. This kind of investigation caught NSO's

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml