[messaging] Second thoughts on WhatsApp encryption
Moxie Marlinspike
moxie at thoughtcrime.org
Fri Nov 21 07:58:39 PST 2014
On 11/21/2014 06:13 AM, Nadim Kobeissi wrote:
>
> WhatsApp's servers are currently checking every client (via version
> numbers) for whether they have Axolotl compatibility or not. If both
> clients participating in a conversation support Axolotl, then the
> *server itself* must then sanction an Axolotl chat and say "yes, it's
> okay for this conversation to be encrypted." If at least one of the
> clients is running a non-Axolotl WhatsApp, the server would disallow
> encryption for that conversation.
Yes, clients need to negotiate encryption capability until all clients
support encryption. We'll be surfacing this into the UI for each client
once protocol support is complete on that client. Rolling something
like this out to 600MM+ devices is an incremental process that takes time.
- moxie
--
http://www.thoughtcrime.org
More information about the Messaging
mailing list