Absolutely amazing work. Just one nit: Per the article,

> While the pair format is much more documented and easier to implement, it does not provide forward secrecy using “pre-keys” (similar to Signal) as the new pair-ec format does.

Is there any indication that (modern, i.e. ECIES-using) iMessage really uses pre-keys? As far as I can tell, it only uses a drop-in replacement of ECIES instead of RSA for the encryption (and maybe signature?) part, but that alone does not yield forward secrecy. If there isn't, I believe this might be a misinterpretation of how RSA, Elliptic Curves, and forward secrecy relate. The Wikipedia article on iMessage seems to propagate the same mistake:

> The post also noted that iMessage uses RSA key exchange. This means that, as opposed to what EFF's scorecard claims, iMessage does not feature forward secrecy.

(The quoted reference actually makes no such claim.)
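A toy model of the point made in the comment above, added here and not part of the comment nor of iMessage's actual protocol: an ECIES-style scheme keyed to the recipient's long-term key leaves every recorded message recoverable once that key is later stolen, exactly as RSA would, while one-time pre-keys the recipient deletes after use do not. It uses a plain modular DH group in place of a curve and a toy stream cipher in place of the real symmetric layer; all names and values are constructed.

```python
import hashlib
import secrets

# Constructed toy DH group standing in for the curve: illustration only, not secure.
P, G = 2**255 - 19, 2

def keygen():                              # -> (private, public)
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)
def shared_key(pub, priv):                 # ECIES-style KDF over the DH secret
    return hashlib.sha256(pow(pub, priv, P).to_bytes(32, "big")).digest()
def stream_xor(key, data):                 # toy unauthenticated stream cipher
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(recipient_pub, msg):              # fresh sender ephemeral vs. supplied recipient key
    e, eph_pub = keygen()
    return eph_pub, stream_xor(shared_key(recipient_pub, e), msg)

def unseal(recipient_priv, eph_pub, ct):
    return stream_xor(shared_key(eph_pub, recipient_priv), ct)

class Recipient:                           # long-term identity key + one-time pre-keys
    def __init__(self, n_prekeys=3):
        self.id_priv, self.id_pub = keygen()
        self.prekeys, self.bundle = {}, {}   # private halves / published halves
        for i in range(n_prekeys):
            self.prekeys[i], self.bundle[i] = keygen()
    def receive_static(self, eph_pub, ct):
        return unseal(self.id_priv, eph_pub, ct)
    def receive_prekey(self, i, eph_pub, ct):
        return unseal(self.prekeys.pop(i), eph_pub, ct)  # one-time: used, then deleted
    def compromise(self):                    # every secret still on the device
        return {"id_priv": self.id_priv, "prekeys": dict(self.prekeys)}

def recover_from_compromise(dump, eph_pub, ct, prekey_id=None):
    # What a later holder of the key dump gets from an old recorded ciphertext.
    if prekey_id is None:
        return unseal(dump["id_priv"], eph_pub, ct)
    priv = dump["prekeys"].get(prekey_id)
    return None if priv is None else unseal(priv, eph_pub, ct)

def demo(msg=b"recorded now, keys stolen later"):
    bob = Recipient()
    e1, ct1 = seal(bob.id_pub, msg)          # static-key ECIES: curve instead of RSA
    assert bob.receive_static(e1, ct1) == msg
    e2, ct2 = seal(bob.bundle[0], msg)       # pre-key #0, deleted by Bob after use
    assert bob.receive_prekey(0, e2, ct2) == msg
    dump = bob.compromise()                  # keys stolen after both messages were sent
    return recover_from_compromise(dump, e1, ct1), recover_from_compromise(dump, e2, ct2, 0)
```

`demo()` returns the old plaintext for the static-key message and `None` for the pre-key message; the only difference between the two is which recipient key the sender was given, not the curve-versus-RSA choice.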