> The IETF had multiple prior lines of effort in this area during the development and widespread deployment of XMPP and SIP decades ago, but the nature of existing messaging implementations and the external environment have both changed significantly since then. Messaging applications now share more common content features and functionality, the MLS protocol has been developed to facilitate E2EE interoperable messaging, and regulatory pressure to interoperate has increased significantly (e.g., as a result of the EU Digital Markets Act).
> We sometimes found that the various components of Matrix came together in unexpected ways that created problems, even if they were fine in isolation. From our reading of the charter and current drafts, it is likely that MIMI will need to include new cryptographic protocols (or integrate existing ones). As such, an analysis that looks at how the pieces of the puzzle fit together would be valuable. Thus, we'd like to advocate for following the path of MLS and TLS 1.3 by engaging the security, privacy, cryptography and formal verification communities.
Edit: see https://news.ycombinator.com/item?id=35366250 for audio.
https://datatracker.ietf.org/doc/bofreq-cooper-more-instant-... & https://news.ycombinator.com/item?id=33420112
> The IETF had multiple prior lines of effort in this area during the development and widespread deployment of XMPP and SIP decades ago, but the nature of existing messaging implementations and the external environment have both changed significantly since then. Messaging applications now share more common content features and functionality, the MLS protocol has been developed to facilitate E2EE interoperable messaging, and regulatory pressure to interoperate has increased significantly (e.g., as a result of the EU Digital Markets Act).
https://mailarchive.ietf.org/arch/msg/mimi/CI3z3CUPE8rrC5p4_... & https://techcrunch.com/2022/12/30/inside-matrix-the-protocol...
> We sometimes found that the various components of Matrix came together in unexpected ways that created problems, even if they were fine in isolation. From our reading of the charter and current drafts, it is likely that MIMI will need to include new cryptographic protocols (or integrate existing ones). As such, an analysis that looks at how the pieces of the puzzle fit together would be valuable. Thus, we'd like to advocate for following the path of MLS and TLS 1.3 by engaging the security, privacy, cryptography and formal verification communities.