[Standards] OMEMO 2 or MLS?

Paul Schaub vanitasvitae at fsfe.org
Fri Feb 7 15:08:47 UTC 2020

Hi Winfried!

I agree with all the points you bring up, however I also don't see any
reason why MLS and OMEMO 2 shouldn't coexist.

OMEMO 2 aims at fixing all those little issues that currently exist in
the OMEMO ecosystem. Personally I'd see it as an "upgrade" to the
current OMEMO specification.

MLS on the other hand would be a whole new protocol with different
considerations and possibly required server support. It may even require
a separate MIX module (caution: speculation)?
Contrary to OMEMO, there is no experience from implementations yet that
we can rely on (not a point against MLS of course).

I think that yes, we should focus on creating a good MLS specification,
but I also think this is unrelated to OMEMO-X.
I also don't care in which order we do these things, although I guess
OMEMO:2 will probably happen soon.


On 07.02.20 15:51, Winfried Tilanus wrote:
> Hi,
> At the danger to open a can of worms, I still would like have a
> discussion on the following:
> Given the progress Dave reported at the summit from the IETF MLS working
> group, I think it has become a viable option to standardize MLS on XMPP
> and implement MLS in stead of investing in OMEMO 2.
> Against:
> - MLS is not final / reviewed yet, so it is not stable and may still
> have serious issues.
> - MLS has recently seen a patent claim against it that is not yet
> decided upon.
> In favor:
> - MLS is done by / backed by the cryptographic community of the IETF, so
> it avoids making the mistakes that you can easily make when doing crypto
> yourself and any (early) MLS implementation can enjoy a lot of reviews
> from them.
> - We can expect input / contributions from the IETF community when
> implementing MLS
> - MLS has the possibility of proxy-reencryption, creating a good
> solution for multi-device situations and group chats.
> Please tell what you think.
> Winfried

More information about the Standards mailing list