by thaumasiotes 859 days ago
The concept of encryption is poorly suited for live conversations with rotating members. If you don't know who you're talking to, there's no point in encrypting your message.

> I was speaking of protocols that did have these properties.

The method PGP uses to encrypt messages to multiple recipients will still work for whatever protocol you have in mind. Why is your dislike for PGP relevant?

1 comments

That's pretty reductive; perhaps you don't have a fully connected graph of relationships in a group, but other parties you do know in a group you trust to vouch for others. There are also lots of data privacy/security compliance reasons you'd want to have E2EE with large groups. I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

I don't dislike PGP; I'm just saying that it doesn't natively have PFS and PCS, which are generally accepted by security people as being necessary properties for a protocol to be considered full E2EE.

> I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

But it's impossible for the authority to achieve that goal. If they manage the group membership, they are free to add themselves and read the discussions.