MLS in a browser. How hard can it be? lol
I found someone giving it a shot already at least: https://github.com/LukaJCB/ts-mls
It's even listed on the "official" MLS implementations page, great process on the PR /s, and the author of that ts lib opened a pull request for it despite writing in the readme:
This library has not undergone a formal security audit. While care has been taken to implement the MLS protocol correctly and securely, it may contain undiscovered vulnerabilities. If you plan to use this library in a production or security-critical context, proceed with caution and consider conducting an independent security review.
Make of that what you will. If I personally were to integrate a standard and there were no audited, non-solo-developed libs, I'd probably write and have audited my own lib. So in either case we're kind of back to "you're right to fear it", sorry, lol.
However: that implementation still isn't the hardest problem. The hardest problem, even if you write a ts mls lib yourself, is still key management.
Assuming you're not going to build your own cryptography, it's easy to overestimate. Assuming you plan to roll your own, probably you're properly cautious.