That’s misleading. There is a “message” that is sent between clients to ratchet the group forward and provide forward secrecy between epochs (when the full ratchet tree is refreshed); however, the user doesn’t have to think about that at all, and it happens on a regular basis in any normal 1-1 or group chat.

There is also another layer of forward secrecy that is provided by the message keys themselves (basically using the same mechanic as Signal).

Discussion

Fact 1:

In one-on-one chat mode, the Signal protocol does not require an additional message (regardless of what it is called, to the relay it's just a note) to operate the DH ratchet and achieve backward secrecy of messages.

Fact 2:

MLS protocol requires such a message (regardless of what it is called, to the relay it's just a note) to update the ratchet tree to achieve backward secrecy of messages.

Our opinion:

We believe this is a key difference, especially from the relay's perspective, as Signal is more efficient in one-on-one chat mode.

Signal protocol is designed for one-on-one chats, whereas the MLS protocol is designed for large-scale group chats.

Ok. We’ll just have to agree to disagree.

Do you all have a spec or draft NIP about what events you’re using and how they’re structured?