Is MLS required by law/EU or something like that? I wonder if this will be the type of thing that will only be implemented by "mandatory" phone messaging apps, and never adopted by the big players like Whatsapp and Messenger.
It's not an EU requirement (at the moment, at least). Interoperability is required, and MLS is an IETF standard (RFC 9420) to accomplish secure cross service messaging.
Several Facebook people (@fb.com) were taking part in protocol design, so I wouldn't say they'll never adopt it. It all depends on how much shit the EU is willing to take when it comes to interoperability.
MLS without MIMI isn't going to change much, though, and MIMI is still a work in progress.
> MLS is agnostic to the identity system used within any given messaging service; it provides confidentiality of sessions once the participants in a conversation have been identified. To achieve interoperable messaging, the MIMI working group will specify how one or more identity building block technologies (for example, X.509 certificates or Verifiable Credentials) can be used to establish end-to-end cryptographic identity across messaging services, assuming the use of MLS for key establishment.
Indeed MLS alone is nowhere near good enough to make systems interoperate. Here's to hoping MIMI takes significantly less of a fraction of a decade to get built that MLS took (5 years since chartered, 3 years after initial due dates).
The EU requires only interoperability. E2E encryption is not asked for and even against some members of the EU who want chat monitoring capabilities. However, FB and Google might implement it to reassure people that their private data is not used for ads purposes.
Didn't we have this already? Facebook Messenger and Google Hangouts were both XMPP under the hood like 8 years ago. Am I missing something or is there an actual innovation to be found here?
So far I haven't seen Google publish anything of significance for interacting with their RCS server, or the details of their implementation of open messaging concepts.
Where they're not using MLS, they're using the Signal protocol. Without publishing details about key servers and authentication methods, none of their layers on top of open standards such as RCS are very beneficial to anyone but them.
Oh, that's a good start. Thanks!
Though from what I've heard, Google won't allow replacing the RCS app like you can with SMS/MMS. Which would significantly limit its usefulness, unless that changes.
