Join Nostr
2025-08-12 21:34:08 GMT

Tim Bouma on Nostr: So, the bottom line is that if your solution requires an authentication server (AS), ...

So, the bottom line is that if your solution requires an authentication server (AS), you’re compromised. I reached a similar conclusion with OAuth2.0

The cynical side of me is that mainstream industry is perfectly happy with MLS because when an authority leans on them to comply with chat control, etc., they can do it.
An essay explaining why we don't plan to use MLS: https://www.poberezkin.com/posts/2025-08-12-mls-the-naked-king-of-end-to-end-encryption.html

A sidenote, is that Nostr's Whitenoise avoids its main problem.

TL;DR: MLS security model is "Trust me bro".