[Cryptography] Apple’s iMessage Defense Against Spying Has One Flaw

Tony Arcieri bascule at gmail.com
Thu Sep 10 15:09:06 EDT 2015 

This article is really bad. I strongly suggest reading Matthew Green's
recent blog post on the same thing:

http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html

On Wed, Sep 9, 2015 at 11:07 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> The Solution?  Let Us Verify Our Keys
>
> So, the only way around this potential backdoor is in allowing users to
> verify what keys they have received.  With Signal, users can hit a ‘Verify
> identity’ button, and the app will display their key fingerprint, as well
> as that of the person they’re communicating with.  To make sure that
> they’ve been issued the genuine keys, the pair can then send this code over
> another means of contact, or just show it to each other in person.
>


Key verification doesn't work in a system like iMessage, because iMessage
has each device for every conversation participant register a unique public
key, then encrypts each message to all public keys of all devices of all
conversation participants.

To do key verification correctly, you would have to verify every public key
of every device of every conversation participant. At that point, iMessage
probably isn't the system you're after.


> “Hardly anybody actually does verify keys offline, but the capability of
> doing so is what forces the keyserver to be honest,” Weaver continued.
> It’s worth pointing out that Open Whisper Systems partnered with WhatsApp
> to deliver end-to-end encryption, but that service, like iMessage, does not
> have a feature to verify user’s fingerprints.


This is a bad way to "keep the keyserver honest". The process needs to be
automated.

Again, I would suggest reading Matthew Green's post, where he talks about
CONIKS, and using a Certificate Transparency-like protocol:

http://www.coniks.org/

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150910/afacfae6/attachment.html>

More information about the cryptography mailing list