Have you seen the latest papers on all the MLS vulnerabilities AI is finding? The thing is too big. So difficult that many folks outside Nostr are giving up on it and starting new protocols.
I don't...
i've already written a full marmot MLS implementation. why i agree with it is that it eliminates the distinction between group and two party conversations.
the implementation is tested side by side against the rust crate. i'm not familiar with the vulnerabilities but it all seems a bit moot to me when you can subscribe to the 443 and 445 and 1059 types on an open relay and see the traffic in real time, the obfuscated timestamps just complicate the fetching filters.
that's the whole point - you can't prevent metadata leakage without auth.
idk how to put it any more clearly.
as for vulnerabilities outside of that key and primary one, can you point me to discussions about these vulnerabilities in MLs that don't include metadata leaking because that is irrelevant. MLS is not about metadata security, it's about post compromise security and forward privacy, and the flexibility to have one single protocol implementation that covers all cases, DM and group.
the implementation is tested side by side against the rust crate. i'm not familiar with the vulnerabilities but it all seems a bit moot to me when you can subscribe to the 443 and 445 and 1059 types on an open relay and see the traffic in real time, the obfuscated timestamps just complicate the fetching filters.
that's the whole point - you can't prevent metadata leakage without auth.
idk how to put it any more clearly.
as for vulnerabilities outside of that key and primary one, can you point me to discussions about these vulnerabilities in MLs that don't include metadata leaking because that is irrelevant. MLS is not about metadata security, it's about post compromise security and forward privacy, and the flexibility to have one single protocol implementation that covers all cases, DM and group.
๐1