This dependency on the authentication service does sound pretty bad, thanks for sharing!
Does the MLS specification offer a practical mechanism for the end users to mitigate the effect of a compromised Authentication Service? No, it does not; it only refers to the approaches based on key transparency, but they are not practical in real-world applications, and, to the best of my knowledge, are not implemented in any of the communication platforms that deployed MLS.
I wonder if White Noise implemented key transparency?
In summary, he says the security benefits of this algorithm are not obviously evident, as compared to other group chat solutions. The king is not exactly naked, - he just has the same clothes as every other king. MLS still requires some theoretical level of trust of the central provider. Truly private, trustless group chats are hard.
This dependency on the authentication service does sound pretty bad, thanks for sharing!
I wonder if White Noise implemented key transparency?
In summary, he says the security benefits of this algorithm are not obviously evident, as compared to other group chat solutions. The king is not exactly naked, - he just has the same clothes as every other king. MLS still requires some theoretical level of trust of the central provider. Truly private, trustless group chats are hard.
I wanna get naked too
what stops you