Irritatingly, a lot of the docs on the Milagro site are stubs. For the user experience I found this most explanatory:

http://docs.milagro.io/en/mfa/getting-started/milagro-mfa-ov...

They say they use generic implementations in languages like Java and Swift. I'm left wondering how that impacts security against side channels.

I also can't seem to find any actual security definitions or proofs for the project; I am thus disinclined to trust any security guarantees this project claims to offer.

This is an Apache foundation project with an explicit focus on security. I think they'll get it right, but since it's in incubation stage, the documentation might still be lacking. I'm sure they'll have much more complete implementation and documentation when they come out of incubation.

There are some large orgs listed as having implemented this, but whenever I read language that sounds all 90's tech revolutionary I get really skeptical.

Offtopic.

Milagro means miracle in Spanish. Not sure if that's an appropriate name for a security product.

"Es un milagro que funcione" (literally, "It's a miracle that it works") is a very common phrase that captures the somehow pejorative sense of the word "milagro" when used to describe or qualify human creations, more so technology creations.

I'm not a fan of short opaque product names. What would be wrong with "Apache Distributed Cryptosystem" as a name for this?

At least you don't have to stop and explain what it is all the time.

It was submitted to Apache by MIRACL Labs, so seems appropriate, if not creative.

Appropriate. Indeed.

MIRACL is actually an acronym for "Multiprecision Integer and Rational Arithmetic C/C++ Library" [1]

[1] https://www.miracl.com/miracl-labs

I don't think this is the case; Milagro (I think) serves as a way to authenticate IoT devices cryptographically without relying on closed-source solutions and third parties like CAs.