An essay explaining why we don't plan to use MLS: https://www.poberezkin.com/posts/2025-08-12-mls-the-naked-king-of-end-to-end-encryption.html
A sidenote, is that Nostr's Whitenoise avoids its main problem.
TL;DR: MLS security model is "Trust me bro".
—the lack of participation privacy
If you understand that in Keychat ID are decoupled from sending/receiving addresses and addresses are continuously rotated, you’ll realize it’s almost impossible for a message relay to identify the participants in a group.
This has the same problem that was drawing criticism with early design of SimpleX network - while there is no persistent/observable identity on the protocol level, there is a fixed transport identity - relays can see which IP addresses communicate with which IP addresses. So it would require a similar solution to what we did with SimpleX network to mitigate it.
As for address rotation, it's currently possible manually, so they are not completely static, and this feature is used a lot, and it will be automatic next year. The challenge with automatic rotation is reduced usability - data backups do not allow restoring connections, so it requires smarter approach to make sure that the solution is usable.
Keychat’s receiving address is updated using the Signal double ratchet, and so far rotating the receiving address has had almost no impact on the stability of message reception.
