Re: Encryption comes to RCS at last on iPhones.

On Tue, 18 Mar 2025 12:12:16 +0100, Arno Welzel wrote :

What the article does not clarify is whether Android will also implement this (Google uses its own encryption method), and so what will happen to cross platform messages.

 Since MLS will become part of RCS, Google would be stupid not to
implement it. In fact when MLS is implemented, there is no need to keep
the proprietary solution in place - maybe just as a fall back for old
devices.

Google is already on record for adopting MLS the same time Apple does.
What's interesting though is how it will work when the Internet sucks.
Nothing can happen until the two *devices* exchange the keys, right?
Apparently the fallback will be two-fold if there is no Internet:
a. Queue the message for a while, and, if necessary... b. Eventually fall back to SMS/MMS
But the fallback will be *different* depending on WHO is offline!
I use the last known good version of PulseSMS so I don't have RCS, but
apparently those with Google Messages have to set an option to get that.
 Automatically resend as SMS/MMS = on/off
So if the sender is offline, then it will queue or fallback to SMS/MMS.
But if the recipient is offline, then the carrier's RCS infrastructure (or Google's Jibe platform) will store the message until the recipient goes
back online (or until the RCS carrier's expiry time has elapsed).
But wait! How can the RCS infrastructure store a message if keys haven't
been exchanged? It turns out keys are exchanged the FIRST time the two
people communicate. So the keys are already stored on each device.
But wait. That's not all. They keys aren't kept forever, it turns out!
They're refreshed on some schedule I haven't been able to figure out yet.
The refresh seems to happen on 'context' changes, such as
a. Users adding or removing participants from a group conversation.
b. Periodic key rotations for enhanced security.   c. Detection of potential security vulnerabilities.
etc.
The plot thickens...