So, the original complaint is that MLS solves technical logistics problems but punts on authentication.
Which is because authentication isn't a technical problem - it's a trust/people problem. MLS's Authentication Service could be an extended Keycloak service run by a company for its employees (because the company trusts itself). It could be some furry running a key transparency service. Or it could be my buddy Stefan, meeting up with the group participants in a dark alley, handing out key bindings on index cards. Which of those you trust to manage your group communication security might be rather different depending on the context.
There are definitely other things one could complain about MLS, but its AS abstraction seems like a rather good one.
eqvinox · 6h ago
As an IETF contributor (not on MLS): every time I (or we, really) think we made things clear enough even for the poorest reader, someone pops up with even worse reading comprehension.
(And then the smart people complain about the wordiness.)