by varenc 913 days ago
Seems like Apple is tacitly acknowledging that sophisticated actors have successfully been man-in-the-middling iMessage users. I wonder if they have clear evidence of that since I haven’t seen any coverage on this.
3 comments

Or! They're trying to get ahead of legislation (looking at the UK) by presenting a fait accompli.
I don’t get that impression. Given that iMessage is such a high value target, I wouldn’t be surprised either way, but adding more security features is not a tacit admission of compromise.
The attack is that anyone can make an iMessage account and pretend to be your friend ("new phone who this"); this feature is how you prevent that.
Agreed with the sibling comment. To quote Apple, this feature can "detect sophisticated threats against iMessage servers". Essentially it's to protect against state-sponsored attacks MITMing you. Doing that probably also requires that the attackers have access to some root CA private keys, so it's a very small pool.
I don’t think that’s the attack this feature aims to prevent.

Rather, it aims to prevent someone who compromised iMessage infrastructure from pulling a dodgy around keys.