MIMI with MLS – the new standard for interoperability of messaging apps?
A new standard called MIMI for the interoperability of instant messaging apps is currently on the way. The interoperability of messaging apps has been a topic of strong interest for years. MIMI focuses on highest security standards and includes an end-to-end encryption layer called MLS. Since MIMI is organized by the IETF, it has good potential for universal adoption and finally bringing interoperability to messaging apps worldwide. While there other protocols, who also have tried to become a standard for real-time communication exchange, MIMI has probably the highest chances. In this blog article we tell you everything you need to know about MIMI and the impact it could have.
Why is interoperability of messaging apps an important topic?
Messaging apps and services are highly popular nowadays and have achieved widespread use. For the private communication it is obvious that messaging apps have replaced email as the primary communication medium. Likewise messaging apps are on track to do the same for enterprise communication.
While for email there are standard protocols that all email clients use worldwide, for messaging apps there are no standard protocols. That means, unlike email the various messaging apps and services are not interoperable, because they rely on different security and encryption protocols. In consequence, users of leading messaging apps like Whatsapp, Signal, Microsoft Teams, Slack, etc. cannot communicate with each other.
A standard protocol for the interoperability would enable an easy and secure exchange of information between different messaging apps and should thereby create a seamless and optimal user experience. Furthermore, a standard protocol could break up silos of gatekeepers, prevent dependence on a single provider or monopolists and ensure data sovereignty.
What other protocols are already trying to become the standard for interoperability of messaging apps?
Various protocols have been trying to become a standard for the interoperability of messaging apps, basically since the internet emerged. Some examples are XMPP, Matrix or even the old IRC.
About 20 years ago XMPP (Extensible Messaging and Presence Protocol) was released and became well-known under the name “Jabber”. XMPP with released as an open-source communication protocol with the core idea of a decentralized network architecture – so anyone could host a server. While XMPP has become popular with 10-20 million users, who especially used XMPP on the desktop, it hasn’t become a universal standard.
Reasons for that might be some older disadvantages of XMPP:
- Due to the network overhead and lack of assured delivery of messages the XMPP protocol is less suitable for mobile devices.
- Based on today’s requirements of consumers and enterprises there are also limitations to transfer data (e.g. larger files and media) with XMPP.
- Also the security as well as data protection requirements have evolved nowadays and demand a higher standard than XMPP can offer out of the box.
Matrix is a newer protocol, which came out of beta in 2019. Matrix has been developed as an open-source project to use chat, VOIP and video calls independent of an internet provider. Therefore it is also a decentral communication protocol for real-time exchange. However in comparison with XMPP, Matrix has a much stronger focus on data sovereignty and security with an end-to-end encryption protocol among other things. Due to the data sovereignty aspects Matrix has gained significant recognition in the public sector in recent years.
While Matrix has several advantages and is an interesting protocol, there are also some noteworthy disadvantages:
- The group chats are not really scalable with end-to-end encryption. This means that if you regularly need group chats with several hundred or thousands of participants, Matrix is not the right protocol.
- When servers get federated, it is possible to access a lot of metadata (e.g. contact lists, user data, chat memberships), which can lead to data protection issues.
- The servers seem to require quite a lot of resources, which can become expensive for larger organizations.
- There are no references yet, which showcase that the federation of different Matrix services works reliably and scalably. There are several larger references in the public sector, but funnily they are always based on one service provider and a single Matrix client. (For such a case customers could also use a standard software, without developing something themselves based on open-source.)
So far no protocol has succeeded in becoming the standard for messaging interoperability – an “email protocol” for messaging apps so to speak. And now MIMI comes along.
What is MIMI (More Instant Messaging Interoperability) with MLS (Messaging Layer Security)?
MIMI stands for “More Instant Messaging Interoperability” and is a relatively new standard, that is currently developed by the IETF. Like the name says, the idea is to define a worldwide standard for ensuring interoperability between different instant messaging, chat, communication and collaboration apps and services. The standard is intended to ensure a highly secure, private and reliable connection between all kind of messaging apps.
The goal of the MIMI working group of the IETF is: “The standards produced by the MIMI working group will allow for E2EE messaging services for both consumer and enterprise to interoperate without undermining the security guarantees that they provide. The working group will aim to achieve the strongest usable security and privacy properties for each targeted functional requirement.”
For end-to-end encryption MIMI is based on the protocol MLS (Messaging Layer Security). MLS is a modern messaging protocol for end-to-end encryption. MLS especially covers end-to-end security of group communication and is supposed to be very scalable.
When will MIMI be released?
The standardization process for the end-to-end encryption with MLS has been completed and the IETF has approved the publication of the MLS standard last week. While MLS is the most critical and difficult part for end-to-end security, some components of MIMI still have to be aligned and written (e.g. identity layer, server-to-server communication). How long this standardization process takes is yet unclear. Hopefully in 6-18 months MIMI is ready.
Who is behind MIMI and supporting it?
MIMI is driven by the IETF, the Internet Engineering Task Force. The IETF was founded in 1986 and has coordinated and defined most essential standards related to the Internet in the last 30-40 years. In this respect, MIMI has a very good chance of receiving broad support from many vendors and being adopted by many messaging apps and communication services.
Likewise in the European Union, MIMI with MLS seems to be a topic apparently. In recent months, there have been various meetings of the Digital Market Act (DMA) on how interoperability of messaging apps can be achieved. The DMA – among other things – deals with breaking up provider silos of gatekeepers and connecting different messengers (the meetings are all available on YouTube). In these meetings MIMI with MLS was repeatedly discussed.
What are the advantages and disadvantages of MIMI?
Advantages of MIMI:
- Generally MIMI seems to cover most relevant security as well as privacy aspects (incl. metadata).
- MLS seems to have very good security properties. It was allegedly planned with quantum computing security in mind and would be adjustable for such later scenarios.
- With MLS the end-to-end encryption is very scalable even for large group chats.
- Becoming a standard of the IETF, MIMI is more likely to be widely adopted and used than any other protocol.
Disadvantages of MIMI:
- The definition of the standard is not completed. It is likely that this process takes another 6-18 months.
- Due to the status of the standardization process there are open questions around the capabilities of and possible features with MIMI.
- Yet there are hardly code libraries available to implement the protocol.
- Yet there are no reference projects.
How are other protocols and apps reacting to MIMI with MLS?
Some apps like Cisco Webex and Ring Central have implemented first draft versions of MLS in their services for testing purposes. The Matrix protocol is said to be planning to support MLS for end-to-end encryption. Interestingly, existing protocols such as XMPP, Matrix, etc. seem to be trying to partially occupy the yet to be defined components of MIMI, so that they can fit in their technology in MIMI. Even if no release dates are available, all that shows the interest in and importance of MIMI.
How do we as Teamwire view MIMI with MLS?
We as Teamwire see great potential in MIMI with MLS. It could become the standard that we have been looking for several years. Therefore we closely monitor the developments around MIMI with MLS and are waiting for the final release. Needless to say, if MIMI with MLS delivers what it currently promises, we would support such a standard and ensure compatibility.
Contact us for more information and our plans!
You would like to receive more information or have questions? Please contact our sales team and find out more.