[sammoth]

If I acquire a SIM card that takes over your friend's phone number, I can install Signal and sign up as your friend. Then when you use Signal to communicate with your friend, you are actually communicating with me. How is that different to HTTPS?

[idibidiart]

Thank you for mentioning that possibility. I'll raise the issue with Whisper.

[sammoth]

Interesting, ok. I am not sure above what you are suggesting is more secure about Signal compared to HTTPS though. In both cases you start out with an address (phone number or domain) which you want to use to communicate with a third party securely. You require a trusted third party to link the address to an identity so that you know you are communicating with the right person. With HTTPS you are trusting the CA, with Signal you are trusting Signal. The CA will have checked for ownership of the domain and Signal will have checked for ownership of the phone number. After you have established secure communication with the end party, you have equivalent guarantees of privacy for future communications with them using either protocol.

[willstrafach]

This is why you are notified by Signal of key changes. This allows you to verify the change with your contact out of band.

[ubercow13]

Just like HPKP...