On Thu, Apr 4, 2013 at 3:51 PM, ianG <[email protected]> wrote:
> On 4/04/13 21:43 PM, Jon Callas wrote:
>> This is great. It just drives home that usability is all.
>
> Just to underline Jon's message for y'all, they should have waited for
> iMessage:
>
> "Encryption used in Apple's iMessage chat service has stymied attempts
> by federal drug enforcement agents to eavesdrop on suspects' conversations,
> an internal government document reveals.
[...]

But note that this doesn't mean that iMessage can't be MITMed or otherwise be made susceptible (if it isn't already) to MITM attacks or plain traffic analysis.

iMessage relies on Apple as a trusted third-party. Therefore Apple can MITM its users. The best case scenario is that the iMessage clients can add key pinning to force the TTP to either never MITM or always MITM any pair of peers. But since the TTP also distributes the client software...

Online we have lots of security problems that are difficult to resolve, from physical security of devices (there's not enough) to the lack and general difficulty/impossibility of reliably open-coding or reviewing everything that one has to trust (mostly software, and some firmware too).

Basically, this complaint by the DEA is disinformation or misinformation (or both!). In the former case we might even be staring at the start of a new crypto wars period.

Nico
--
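Added example, not part of the original message: a sketch of client-side trust-on-first-use key pinning, showing why a pinning client leaves a key directory (the TTP) only two undetected options for a given peer, never substituting a key or substituting it from first contact onward. `PinStore`, `observe`, the peer name and the key bytes are constructed for illustration and do not describe iMessage's actual protocol.

```python
import hashlib
import hmac


class PinStore:
    """Client-side trust-on-first-use pins: peer identity -> key fingerprint."""

    def __init__(self):
        self._pins = {}

    def check(self, peer: str, served_key: bytes) -> str:
        fp = hashlib.sha256(served_key).hexdigest()
        pinned = self._pins.get(peer)
        if pinned is None:
            # First contact: there is nothing to compare against, so the
            # client has to accept whatever the directory serves.
            self._pins[peer] = fp
            return "pinned"
        return "match" if hmac.compare_digest(pinned, fp) else "MISMATCH"


def observe(keys_served):
    """Feed the keys a directory serves for one peer, in order, to a fresh client."""
    store = PinStore()
    return [store.check("bob@example.org", key) for key in keys_served]


# Constructed placeholder keys, not real key material.
BOB_REAL = b"constructed-public-key-of-bob"
TTP_FAKE = b"constructed-key-substituted-by-directory"

SCENARIOS = {
    "honest directory":        [BOB_REAL, BOB_REAL, BOB_REAL],
    "substitution starts late": [BOB_REAL, BOB_REAL, TTP_FAKE],
    "substitution from start":  [TTP_FAKE, TTP_FAKE, TTP_FAKE],
    "substitution stops":       [TTP_FAKE, TTP_FAKE, BOB_REAL],
}

if __name__ == "__main__":
    for name, keys in SCENARIOS.items():
        print(f"{name:26s} {observe(keys)}")
```

Substitution from first contact produces the same results as an honest directory, so pinning alone cannot tell the two apart; it only detects a change in either direction.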
