Are you saying Google “holds the keys [to the castle]”, as in you have to go through them to access the app? Or because they are the only ones supporting end-to-end encryption between their users?
The former should be able to be fixed with external app stores. The latter is a bit more difficult and would probably require changing the standard since, you’re right, E2EE is a Google Messages feature, not an RCS feature.
If I were working on the standard, I’d probably add support for KMS/Relay servers on specified SRV records for a domain. KMS could even be optional with TXT records for an individual users public key. Then just layer on GnuPG or something similar. This would also make it easier for vanity/personal domains for RCS addresses.
honestly im saying both. google has the only e2ee rcs implementation and they require you use their software and afaik haven’t opened up that part and have no plans to.
becoming corporate citizens is the solution presented to common carrier surveillance and its a bummer.
relying on dns opens the end user up to cert attacks and everyone already just clicks through whatever cert acceptance popup their provider throws out so the eu almost doesn’t need to mandate everyone accept nation certs.
Are you saying Google “holds the keys [to the castle]”, as in you have to go through them to access the app? Or because they are the only ones supporting end-to-end encryption between their users?
The former should be able to be fixed with external app stores. The latter is a bit more difficult and would probably require changing the standard since, you’re right, E2EE is a Google Messages feature, not an RCS feature.
If I were working on the standard, I’d probably add support for KMS/Relay servers on specified SRV records for a domain. KMS could even be optional with TXT records for an individual users public key. Then just layer on GnuPG or something similar. This would also make it easier for vanity/personal domains for RCS addresses.
honestly im saying both. google has the only e2ee rcs implementation and they require you use their software and afaik haven’t opened up that part and have no plans to.
becoming corporate citizens is the solution presented to common carrier surveillance and its a bummer.
relying on dns opens the end user up to cert attacks and everyone already just clicks through whatever cert acceptance popup their provider throws out so the eu almost doesn’t need to mandate everyone accept nation certs.