Settling for RCS means no E2EE. It’s also handing control over messaging back to carriers (or most likely, Google, because not many carriers have RCS servers) which is a step backwards.
For all of Apple’s many many faults, iMessage is a pretty good service once you pay the Apple tax to get in.
Doesn’t RCS support E2EE if properly implemented? I seem to recall reading that the spec for RCS supports this, but it’s just that carriers won’t enable it.
No, E2EE is not part of any RCS spec yet. Based on news articles, Apple is implementing RCS but will supposedly ask the governing standards bodies to add E2EE to the spec so they can implement it according to the official specifications.
Google has implemented their own E2EE on top of RCS (based on Signal’s messaging for one to one conversations, based on MLS for group chats), but they haven’t published any specifications for that. It shouldn’t be too hard to reverse engineer, but that shouldn’t be necessary for any open protocol.
Google has implemented their own E2EE on top of RCS (based on Signal’s messaging for one to one conversations, based on MLS for group chats), but they haven’t published any specifications for that.
Ahh, this must be what I was thinking of, then. Thanks for clarifying!
If you mean this link: that’s a high level description of the protocol, but it leaves out important details.
For example, Google uses MLS for group chats, but the document only mentions the Signal protocol. In other words, E2EE for group chats is broken even if you manage to implement the protocol exactly as they describe.
For example, they say the client “registers with the key server” and “uploads the public key parts”. What server is that? What protocol do we use? HTTPS POST? Do we use form/multipart? Do we encode the key in PEM or do we submit they bytes directly?
Another example: “Key material, digest, and some metadata are encrypted using the Signal session”. Whay do you mean “some”? What algorithm is used to generate the digest?
The document is a nice high level overview, but worthless if you want to implement their protocol. It basically says “we put signal, and send the signal messages over RCS, with out own key servers. Here’s how the Signal protocol works”. If, for example, Ubuntu Touch would like to implement this into their messenger, they’ll need to reverse engineer Google’s Messages app, guided by the description in their whitepaper.
Settling for RCS means no E2EE. It’s also handing control over messaging back to carriers (or most likely, Google, because not many carriers have RCS servers) which is a step backwards.
For all of Apple’s many many faults, iMessage is a pretty good service once you pay the Apple tax to get in.
Doesn’t RCS support E2EE if properly implemented? I seem to recall reading that the spec for RCS supports this, but it’s just that carriers won’t enable it.
No, E2EE is not part of any RCS spec yet. Based on news articles, Apple is implementing RCS but will supposedly ask the governing standards bodies to add E2EE to the spec so they can implement it according to the official specifications.
Google has implemented their own E2EE on top of RCS (based on Signal’s messaging for one to one conversations, based on MLS for group chats), but they haven’t published any specifications for that. It shouldn’t be too hard to reverse engineer, but that shouldn’t be necessary for any open protocol.
Ahh, this must be what I was thinking of, then. Thanks for clarifying!
https://support.google.com/messages/answer/10262381?hl=en
E2EE White paper (technical specifications) is listed on this site (pdf)
If you mean this link: that’s a high level description of the protocol, but it leaves out important details.
For example, Google uses MLS for group chats, but the document only mentions the Signal protocol. In other words, E2EE for group chats is broken even if you manage to implement the protocol exactly as they describe.
For example, they say the client “registers with the key server” and “uploads the public key parts”. What server is that? What protocol do we use? HTTPS POST? Do we use form/multipart? Do we encode the key in PEM or do we submit they bytes directly?
Another example: “Key material, digest, and some metadata are encrypted using the Signal session”. Whay do you mean “some”? What algorithm is used to generate the digest?
The document is a nice high level overview, but worthless if you want to implement their protocol. It basically says “we put signal, and send the signal messages over RCS, with out own key servers. Here’s how the Signal protocol works”. If, for example, Ubuntu Touch would like to implement this into their messenger, they’ll need to reverse engineer Google’s Messages app, guided by the description in their whitepaper.
Thanks for this explanation!