Abstract Group communication remains a missing primitive in production deployments that rely on mutual Transport Layer Security. The traditional point-to- point model of mutual authentication provides strong assurances about who is at each end of a connection, yet it scales poorly when a publisher must fan out the same content to thousands of authenticated receivers. Network-layer multicast1 is rarely available across administrative domains, application-layer overlays are often built as best-effort trees with ad hoc security, and many designs end up replicating the payload per subscriber with separate handshakes, keys, and record layers. This paper investigates how to build multicast semantics2 while retaining the operational and cryptographic properties that operators expect from mutual Transport Layer Security. We present an architecture that uses mutual authentication exclu- sively for the control plane and for the distribution of short-lived, audience-scoped group keys, while the data plane carries a single copy of the payload per edge and achieves replication with zero-copy fan-out. The result preserves identity-binding and revocation semantics, integrates with existing service meshes and certificate-based identities, and reduces publisher cost by removing redundant record-layer work. We describe the design choices that make this practical: audience definition in terms of verifiable identities rather than opaque channels, key derivation bound to group epochs, exporter-based tie-ins to the mutual Transport Layer Security session without exposing handshake secrets, and regional distributors that terminate authentication but do not see plaintext outside a narrow trust boundary. We implement these as sidecars that attach to existing gateways and propose operational guardrails around cer- tificate rotation, revocation stapling, and churn-aware rekeying23. We evaluate the approach with a set of synthetic and trace-driven experiments that stress group size, churn, and packet loss. The evaluation focuses on tail latency, publisher CPU cost, rekey convergence, and delivery under adverse conditions. The results indicate that the proposed design retains the safety properties of mutual Transport Layer Security while delivering the throughput characteristics of multicast overlays. Median and tail latencies remain stable as groups scale into the thousands, publisher cost grows sublinearly with the number of receivers, and rekey operations converge deterministically even under heavy membership churn. We conclude that multicast over mutual Transport Layer Security is not an oxymoron but a feasible and useful pattern when the control and data planes are separated, identities are first-class, and group state is managed with short epochs and verifiable updates.
Tevdos et al. (Tue,) studied this question.