Hello friends of open standards,
did you know that https://en.wikipedia.org/wiki/Rich_Communication_Services is a standard that aims at replacing SMS, now even with end-to-end encryption upcoming, where quite a few carriers are supportive?
Open standards are good for Free Software and all users, because it means there can be independent, interoperable implementations. This is what many people would want, something that works with almost anyone.
After discovering this yesterday, I wondered, why didn't I hear about this before? It seems like a better technical approach, but all I read about mostly are proprietary messengers (and a few progessive ones with Free Software clients like Threema).
Does somebody know more? * Is this really an open standard (like we define it [1]) * How good is the end-to-end crypto? * Why isn't Apple participating yet? * Can non-Google phones run it (Like /e/, LineageOS-MicroG or SailfishOS, iOS)
Best, Bernhard ps.: Does someone remember "co -l" "ci" with real rcs? >;)
[1] https://fsfe.org/freesoftware/standards/def.en.html
On 18-03-2021 12:16, Bernhard E. Reiter wrote:
Hello friends of open standards,
did you know that https://en.wikipedia.org/wiki/Rich_Communication_Services is a standard that aims at replacing SMS, now even with end-to-end encryption upcoming, where quite a few carriers are supportive?
...
Does somebody know more?
- Is this really an open standard (like we define it [1])
At first glance, and from my experience with these kinds of consortia-created specifications: likely not. I.e. I cannot even find even a link to a paid version of this set of specifications (what disqualifies most ISO standards from being called "open"). From some quick browsing around this looks similar to other consortia where you have to become a member in order to get access to these specs. This usually comes at considerable cost, usually only a serious option for large corporations.
I'd gladly be corrected on this. But until finding a relatively cheap way to access the specification's text at least your crypto question isn't answerable.
- How good is the end-to-end crypto?
- Why isn't Apple participating yet?
- Can non-Google phones run it (Like /e/, LineageOS-MicroG or SailfishOS, iOS)
Am Donnerstag 18 März 2021 14:54:13 schrieb Giel van Schijndel:
But until finding a relatively cheap way to access the specification's text at least your crypto question isn't answerable.
https://www.gsma.com/futurenetworks/universal-profile-thank-you/ seems to have at least the 260 pages Official Document RCC.71 - RCS Universal Profile Service Definition Document but it needs a corresponding technical specification and a search on the website brings up a number of document, e.g. https://www.gsma.com/newsroom/resources/rcc-20-enriched-calling-technical-sp...
It could just be there on the website. :) Bernhard
Hi Bernhard,
On Fri, Mar 19, 2021 at 05:47:26PM +0100, Bernhard E. Reiter wrote:
Am Donnerstag 18 März 2021 14:54:13 schrieb Giel van Schijndel:
But until finding a relatively cheap way to access the specification's text at least your crypto question isn't answerable.
Related specs:
https://www.gsma.com/newsroom/wp-content/uploads//RCC.20-v7.0-1.pdf https://www.gsma.com/newsroom/wp-content/uploads//RCC.08-v9.0.pdf https://www.gsma.com/newsroom/wp-content/uploads//RCC.14_v5.0.pdf https://www.gsma.com/newsroom/wp-content/uploads//RCC.15_v5.0.pdf https://www.gsma.com/newsroom/wp-content/uploads//RCC.20-v7.0-1.pdf
Don't expect to be able to digest all of that very quickly. Cellular Networks are known for their mind-boggling complexity. Only the discovery/configuration of RCS alrady borrows on a multitude of other specs/standards ;)
Harald,
Am Freitag, 26. März 2021, 20:38:59 CEST schrieb Harald Welte:
This means unless you know how to access this separate IP tunnel used for IMS from the application processor, you would not be able to write a FOSS or 3rd party RCS client.
okay, that is a downside. And also that you cannot use it anonymously without mobile phone number, I guess.
But having any standard for encrypted messenging seems better than having many proprietary walled gardens. So I wonder if we should advertise it more, despite the drawbacks.
Am Freitag, 26. März 2021, 20:43:28 CEST schrieb Harald Welte:
Don't expect to be able to digest all of that very quickly. Cellular Networks are known for their mind-boggling complexity.
8)
thanks for your info!
Bernhard
Hi Bernhard,
On Mon, Mar 29, 2021 at 10:23:37AM +0200, Bernhard E. Reiter wrote:
Am Freitag, 26. März 2021, 20:38:59 CEST schrieb Harald Welte:
This means unless you know how to access this separate IP tunnel used for IMS from the application processor, you would not be able to write a FOSS or 3rd party RCS client.
okay, that is a downside. And also that you cannot use it anonymously without mobile phone number, I guess.
That is mostly a policy decision. The standard allows for authentication by SIM card, but also allows for other authentication mechanisms, IIRC I've seen client certificate based auth mentioned somehwere. That latter bit is btw, also true for 5G networks, but in the end, the operators have of course a strong motivation to provide services only to subscribers they have authenticated. to have a valid subscription ;)
But having any standard for encrypted messenging seems better than having many proprietary walled gardens. So I wonder if we should advertise it more, despite the drawbacks.
Given that we're not aware of any FOSS on either the RCS client nor server side, and the fact that there is likely patents as in all other cellular protocols, I would be very careful to take a position in this as FSFE.
Harald, Thank you for all your insights you shared with us. That was, as always, very helpful.
There were also some comments on Mastodon https://mastodon.social/@kirschner/105971769095775615 by user Vondralbra
@kirschner I feel #RCS is a dead horse... - if it is operated within a network operators network it is subject to lawful interception in every country of the world; so there canˋt be E2E-encryption by design - if they might use the legal gap with OTT then there might be E2E-encryption but the messages pass Google servers and Google collects all the meta-data. No, thanks... - the universal profile is the minimum set of features between all operators. Other messengers are far more advanced.
@kirschner If RCS would have been pushed by ALL network operators worldwide in 2012 and if there would have been a clear pricing model it could have succeeded. But nowadays, I don‘t believe in it anymore...
Best regards, Matthias
Am Dienstag 30 März 2021 08:34:37 schrieb Matthias Kirschner:
Harald, Thank you for all your insights you shared with us. That was, as always, very helpful.
Same from me.
- if it is operated within a network operators network it is subject to
lawful interception in every country of the world; so there canˋt be E2E-encryption by design
Still it is claimed, this is why it would be interesting to know if in how far this claim is true or not.
RCS is the most advanced "protocol" that I've heard of, to becoming a standard with end-to-end encryption for messenging, despite email. If it isn't RCS, we are in search what could be (or how it could be conceived as society).
Best, Bernhard
Hi Bernhard,
On Thu, Mar 18, 2021 at 12:16:59PM +0100, Bernhard E. Reiter wrote:
did you know that https://en.wikipedia.org/wiki/Rich_Communication_Services is a standard that aims at replacing SMS,
yes - but then I guess I'm as deep as one can get in terms of telecom protocols and specs ;)
After discovering this yesterday, I wondered, why didn't I hear about this before?
For sure within the telecom operator domain it is not a new topic, as you can see from the number of deployments during the past couple of years. It's the desperate attempt by operators to not loose all of the SMS revenue to internet messaging services.
Does somebody know more?
Unfortunately I've never studied it in detail, at Osmocom we mostly work on the lower-layer protocol stacks.
- Is this really an open standard (like we define it [1])
It is specified by 3GPP and OMA, both organizations have a long history of fully publishing the standards to the general public free of charge. However, their specs are normally heavily patent-encumbered and you will need to obtain patent licenses from the individual patent holders. Or simply not care and wait until you become relevant enough to be sued.
- Why isn't Apple participating yet?
As if apple would ever want to voluntarily participate in an open, interoperable, standards-based system, if they can just as well continue to push their own walled garden.
In general there is the obvious struggle between:
* the large internet corporations wanting to lcck their users into whatever is their own walled garden
* the mobile operators who use to be able to provide telephony and text message services based on interoperable international standards for many decades. RCS is their approach to translate this into the 21st century.
- Can non-Google phones run it (Like /e/, LineageOS-MicroG or SailfishOS, iOS)
Technically, RCS is based on TCP/IP and uses the services of IMS. IMS is the IP Multimedia System, which is what implements voice calls (and optionally SMS) for VoLTE and Vo5G.
Normally, the modem establishes a separate second IP tunnel/connection to the network, which is not the one you use for public IP access from your apps or for tethering / mobile hot spot.
That second IP tunnel has its own phone-side IP address, and typically even uses an additional layer of encryption via IPsec. Over that there is SIP for VoLTE, and also RCS.
The problem is now that while cellphones finally use IETF-derived VoIP protocols for telephony, all of this is not implemented on the application processor but typically inside the modem. This means unless you know how to access this separate IP tunnel used for IMS from the application processor, you would not be able to write a FOSS or 3rd party RCS client.
ps.: Does someone remember "co -l" "ci" with real rcs? >;)
I actually still use it occasionally!