Google Messages MLS support adds interoperable encrypted messaging
Google today announced its support for interoperable end-to-end encrypted communication between large messaging platforms, with plans to integrate the MLS protocol into Google Messages and Android.
Google says it is “strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms,” which is presumably in reference to the European Union’s Digital Markets Act. That regulation would require iMessage to be interoperable with other messaging platforms.
To achieve this, Google says this interoperability requires “open, industry-vetted standards, particularly in the area of privacy, security, and end-to-end encryption.” If not, end-to-end encrypted group messaging and other advanced features would be “impossible in practice.” Specifically, “group messages would have to be encrypted and delivered multiple times to cater for every different protocol.”
Without robust standardization, the result will be a spaghetti of ad hoc middleware that could lower security standards to cater for the lowest common denominator and raise implementation costs, particularly for smaller providers.
To achieve interoperable E2E encrypted messages, Google points to the Internet Engineering Task Force‘s Message Layer Security (MLS) specification RFC 9420.
…we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy (FS) and post-compromise security (PCS) for groups in size ranging from two to thousands.
Google says MLS would make possible “practical interoperability across services and platforms, scaling to groups of thousands of multi-device users.” This could “unleash a huge field of new opportunities for the users and developers of interoperable messaging services that adopt it.”
It is also flexible enough to allow providers to address emerging threats to user privacy and security, such as quantum computing.
Google plans to build MLS into its Messages app, which offers E2EE 1:1 and group RCS chats today, and “support its wide deployment across the industry by open sourcing our implementation in the Android codebase.” How RCS factors into this remains to be seen.
More on Google Messages:
Source: 9to5Google