[messaging] Opportunistic encryption and authentication methods

Tom Ritter tom at ritter.vg
Sat Sep 13 12:58:41 PDT 2014


On 12 September 2014 23:42, Joseph Bonneau <jbonneau at gmail.com> wrote:
> *Apple iMessage, Wickr and BBM Protected can all be described as
> opportunistic encryption messaging systems that have been very successful
> deployment-wise. Although AFAIK none of them provide any MITM resistance if
> the centralized public key servers are compromised or misbehave.

It's my understanding that Wickr recently implemented features to
expose fingerprints. I'm not 100% certain. It would be an interesting
experiment to see what happens with these fingerprints if you e.g.
wipe your phone and reinstall, or move your SIM to a new device and
install.

Considering the ease with which an app could expose fingerprints and
make no effort to tell people to verify them, I feel all apps should
at least do that.

-tom


More information about the Messaging mailing list