Messaging applications are increasingly making use of end-to-end
security mechanisms to ensure that messages are only accessible to
the communicating endpoints, and not to any servers involved in delivering
messages. Establishing keys to provide such protections is
challenging for group chat settings, in which more than two
clients need to agree on a key but may not be online at the same
time. In this document, we specify a key establishment
protocol that provides efficient asynchronous group key establishment
with forward secrecy (FS) and post-compromise security (PCS) for groups
in size ranging from two to thousands.
