I'm interested to see what the uptake is among users, because even though Matrix has done a fair amount to smooth this process, verification is still a pretty large source of friction from what I can tell, and I'm not completely sure how it could be made easier. I guess the idea here is that once you verify a contact, that syncs to their other devices, but in theory Matrix also does that, and in practice I still see some friction.
It's possible Apple's implementation will just be better, or that they'll rely on attestation to such a degree that they'll be able to skip some other friction points. But even with the public verification setup (which gets rid of the problem of needing to verify devices at the same time as the person you're talking to), I'm still slightly skeptical that users are going to copy and paste a code into their messaging app to verify contacts. My experience is that even popping up a button and saying, "do your friend and you see the same emoticons" is too much work for a lot of users.
Maybe I'll be wrong. And I guess ideally if iOS users get used to doing this, they might be more tolerant of doing the same thing in other messengers too.
[1]: Here's my Keyoxide page for example: https://keyoxide.org/alexander@notpushk.in
I quite enjoyed Keybase back in the day, but then they pivoted to being a crypto wallet, and were ultimately acquired by Zoom (a move I understand less every day, since they obviously gave up on their bold promises of end-to-end encryption they made back in 2020).
My suspicion is that it'll be quite low for many years, for two reasons:
- It requires a recent iOS and macOS version on all of a user's devices. Still got an old iPad lying around somewhere that doesn't receive software updates anymore? No key verification for you. (In a similar way, Apple has been making older devices obsolete by preventing Notes sync in some previous iOS version. This is only an issue because all of these apps are not updateable outside of the core OS.)
- It requires users to be logged in to the same Apple ID for iCloud and iMessage.
The former will only change once these old devices completely die – I just don't think many users will value key verification enough.
If Apple rolls out a similar system and it works or they're able to identify pain points and make it easier to use, then cool. Maybe Matrix can take pointers from the UI if that's the case. But I wonder if that will be the case, or if Apple's implementation will suffer from the same UX problems that Matrix's does.
https://security.apple.com/blog/imessage-contact-key-verific...
The same technology powers WhatsApp's key transparency:
https://engineering.fb.com/2023/04/13/security/whatsapp-key-...
Less than a month ago the first workshop on "transparency systems" was held at ACM CCS:
Shameless plug: I'm one of the designers of the Sigsum public transparency log, as well as System Transparency - a security architecture intended to bring transparency to the reachable state space of a remote running system.
EDIT: no, it wasn't. It was announced a year ago per other comments...
For someone who cares about their communication security deeply enough to do contact public key verification, they would likely want to turn off iCloud syncing iMessage across multiple devices. They are likely to not have the same iCloud account on multiple devices. In such cases, what's the value of having iCloud Keychain being turned on?
Makes sense to download stuff and have it be in downloads on the laptop or iPad.
I don’t think that’s really that dark.
If Mallory can change the verification code in the contact to their own, the communication between Alice and Bob is no longer protected.
WhatsApp supports this too, see "Verify Security Code" on this page: https://faq.whatsapp.com/820124435853543
So does Signal: https://support.signal.org/hc/en-us/articles/360007060632-Wh...
So does Telegram: https://telegram.org/faq#q-what-is-this-39encryption-key-39-...
So it’s nice that it’s encrypted in transit but since iMessage is Apple only and requires.. see above!
How do? iCloud Keychain is E2EE with a key derived from your device password/passcode.
To use iMessage Contact Key Verification, you’ll need: iOS 17.2, watchOS 9.2 and macOS 14.2 on all devices where you’ve signed in to iMessage with your Apple ID
Unfortunately my work iMac isn’t on Sonoma, it’s on Monterey. I suppose I could log out on that machine, but still, a bit of a shame older versions aren’t supported.
Am I reading the requirements correctly? Does this mean that for all devices to work with CKV, then all OS’s need to be updated, or will it not do CKV on any devices if even one device is not supported?
“You want to talk to Adam, but you haven’t verified their keys yet. However your contacts Anna and Derek have confirmed Adam’s identity”
“You want to talk to Family Lawyer D. Ivorstein, but you haven’t verified their keys yet. However your contact Wife has confirmed D. Ivorstein’s identity”
I would trust my technical friend with their chain of trust, but not my hair dresser.
Does not guarantee it's Adam reading.
The only scenario where this might break is if you log into personal accounts on work devices or vice-versa. I think that’d be ill-advised…
An Apple account is required in many situations (e.g. you want to download something from the Mac Store, you want Find My Mac etc.), but Apple doesn't cleanly support multiple accounts on any of their devices (and they probably have no incentives to do so).
It's also a PITA to have single devices with single accounts. For instance 2FA is a pain, you also can't use features like sidecar.
All in all, Apple is really bad at this and makes you jump through hoops if you intend to have clean separation between your work and personal accounts.
[0]: https://register.apple.com/resources/messages/messaging-docu...
I wouldn't say they "gained access to iMessage network".
They figured out a weakness in Apple's authentication that allowed a user with a fake serial # to authenticate. Apple is slowly making it more strict/checking the serial #s better (my opinion/guess).
Rather, it aims to prevent someone who compromised iMessage infrastructure from pulling a dodgy around keys.
It’s described in more detail here:
https://security.apple.com/blog/imessage-contact-key-verific...
(This is end-to-end encrypted, by the way; Apple can’t get at people’s private keys.)
And this is a new protocol, so no surprise it doesn’t work with older operating systems. (It doesn’t say you have to remove your Apple ID completely, just log out of iMessage.)
And I could totally see Apple making non-verified contacts' bubbles a different color sooner rather than later...
https://www.macrumors.com/2022/12/07/new-imessage-apple-id-s...
Practically, the added complexity of having to integrate with iCloud Keychain certainly won't help.