Security-By Design: Meet Near Perfect Message Security: Messaging Layer Security (MLS)

--

The use of SSL/TLS fixed the problem of transmitting data packets without encryption, and of not checking the trustworthiness of the servers that we connect to. But this is closing the stable door after the horse has bolted, and the way we do our authentication for security tunnels is also often flawed, such as:

  • Supporting many legacy cryptography methods (such as the Diffie-Hellman key exchange method, the SHA-1 hashing method and 3DES symmetric key encryption).
  • Adding large RSA signatures, which authenticate just one side of the communication.
  • It is easy to install a proxy on a machine and listen to the network traffic.
  • It is easy to break the communications channel (such as with a WAF, a Web Application Firewall) and inspect the traffic.

The best way to secure data is to encrypt it at its source. We typically define this as end-to-end encryption. And one of the newest open standards, Messaging Layer Security (MLS), has just been published by the IETF [here]:

Key properties of MLS

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice