this post was submitted on 04 Aug 2023
129 points (97.1% liked)


From the Article:

Google’s Messages app might be getting cross-platform chat encryption in the future. The company is announcing adoption of an end-to-end encryption system known as Messaging Layer Security, or MLS. It’ll allow Google’s platform to connect and exchange messages with outside messaging apps that also support MLS (via 9to5Google).

Want to message a group chat and have it securely and seamlessly appear on other people’s devices in their preferred chat apps? That’s the future European regulators are pushing for: to get tech companies to implement an end-to-end encryption system that allows users to securely message between platforms.

Meaningful interoperability would require major companies to back the same standard, and MLS now seems to have one of the biggest ones on its side. Google also supports the carrier-backed end-to-end encrypted messaging system known as RCS. For a while, RCS didn’t have proper security for group chats, but Google is now releasing a version that does (which doesn’t use MLS).

A big problem MLS may solve is better encryption for group messages. An Oxford paper published in 2017 pointed out security concerns in how some major messaging apps, including WhatsApp, Facebook Messenger, and Google Allo (RIP), could have group messages intercepted if just one member is compromised. So researchers sketched up an “Asynchronous Ratcheting Tree” that makes end-to-end group messages even more secure, and MLS was built with that idea in mind.

The MLS protocol is developed by a standards organization called the Internet Engineering Task Force (IETF). The body just approved publication of MLS specification (RFC 9420) in March and has previously tested draft versions in Webex and RingCentral chats.

Google is moving to place its MLS implementation open sourced into Android’s codebase but did not say when this would happen. It also did not specify how or if RCS messages, which Google has outwardly championed for more than a year, will work with the MLS-based encryption. Google continues to shame Apple for not supporting RCS, which is now available to more than 800 million Android users. It remains to be seen if other tech companies will “get the message” with MLS.

top 26 comments
[–] [email protected] 37 points 1 year ago* (last edited 1 year ago) (4 children)

Good to remind that MLS is just an end2end encryption standard, not a whole messaging standard. And like TLS, it is useless on its own and needs a content protocol like HTTP to combine it with.

Still really good, since this means bridges between networks adopting MLS, like XMPP, Matrix and RCS could work with full E2EE.

[–] [email protected] 6 points 1 year ago (1 children)

Any idea if Signal users would be able to benefit from this?

[–] [email protected] 9 points 1 year ago

Only if Signal developers want to swap their Signal encryption protocol for MLS. And I doubt they will for the next years, as MLS is not as battle tested yet. Signal is laser focused on security for "normies", not interoperability or free software.

[–] [email protected] 2 points 1 year ago (1 children)

Would this be a pathway for Android texting apps like Textra to add chat support to other RCS users? It appears Google isn't going to open the RCS API.

[–] [email protected] 1 points 1 year ago (1 children)

Nope. This is a standard purely for encrypting messages, nothing to do with open APIs or formatting messages themselves. Basically TLS but for E2EE instead of SSL.

[–] [email protected] 1 points 1 year ago (1 children)

Wouldn't Textra be able to implement the MLS standard and then do E2EE through that protocol? I'm probably not understanding it very well.

[–] [email protected] 1 points 1 year ago

It needs to talk RCS first, then it could encrypt with MLS.

Like a web browser that needs to speak HTTP and then encrypts the traffic via TLS.

[–] [email protected] 1 points 1 year ago

You can bridge XMPP and Matrix with full encryption both ways already.

[–] [email protected] 0 points 1 year ago (2 children)

@ghostermonster @reclipse Matrix implementation of MLS will be called dMLS and not be compatible with the internet standard. There seem to be technical reasons, but not too surprising for a company that couldn't build their product compliant with the existing XMPP messaging standard for no reason I guess.

[–] [email protected] 2 points 1 year ago (1 children)

Isn't dMLS just MLS but adopted for multiple servers?

[–] [email protected] 1 points 1 year ago

MLS is focused on centralised services like Signal/WhatsApp.

[–] [email protected] 1 points 1 year ago

Source that it won't be compatible with the Internet standard? And from what I understand of MLS, XMPP would need to use dMLS as well, since there's no one centralised server.

[–] [email protected] 29 points 1 year ago (2 children)

Didn't Google basically kill XMPP by "working" with the standard and then getting a huge amount of users on Google, then dropping the standard, leaving most people who wanted to communicate on the now locked-in Google program? I swear I heard that.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

It was just a silly argument going around for a while. XMPP isn't dead, it's a messaging protocol, it doesn't "die". You could consider Jabber "dead", but it was never actually popular to begin with and it just got beat out by all the other messaging services at the time.

The X stands for eXtensible by the way, XMPP was extended into proprietary versions in multiple messaging apps, which is very common with open source software.

[–] [email protected] 15 points 1 year ago

This is the best summary I could come up with:


The company is announcing adoption of an end-to-end encryption system known as Messaging Layer Security, or MLS.

That’s the future European regulators are pushing for: to get tech companies to implement an end-to-end encryption system that allows users to securely message between platforms.

For a while, RCS didn’t have proper security for group chats, but Google is now releasing a version that does (which doesn’t use MLS).

So researchers sketched up an “Asynchronous Ratcheting Tree” that makes end-to-end group messages even more secure, and MLS was built with that idea in mind.

The MLS protocol is developed by a standards organization called the Internet Engineering Task Force (IETF).

The body just approved publication of MLS specification (RFC 9420) in March and has previously tested draft versions in Webex and RingCentral chats.


I'm a bot and I'm open source!

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (1 children)

I wonder how this will work with (or if it will be compatible with) the efforts of Element and the Matrix standard?

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

"Not Yet.

Messaging Layer Security (MLS) is an IETF standard for end-to-end encryption in messaging systems. We are investigating bringing MLS to Matrix. So far we have basic encryption and decryption working and can handle membership changes."

Per: https://arewemlsyet.com/

[–] [email protected] 7 points 1 year ago (1 children)

The standard that Apple still won't follow lol

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

They could be forced to by EU law eventually.

There has been some uncertainty about the feasibility of fulfilling the interoperability requirement in the Digital Markets Act. Standards like this could clearly show it can be done without compromising security.

[–] [email protected] -2 points 1 year ago

99,,I,yoXxYi9,9*(x,{§%§~~ Uymt~~
