by morshu9001 141 days ago
They also decide what public key is associated with a phone number, right? Unless you verify in person.

That's protected cryptographically with key transparency. Anyone can check what the current published keys for a user are, and be sure they get the same value as any other user. Specifically, your wa client checks that these keys are the right key.
Even if your client is asking other clients to verify, what if everyone has the same wrong key for a particular user WhatsApp has chosen to spoof?
Well, surely your client knows what its own key is, and would notice that the listed key is wrong when it checks it.
They can also tell your client it has the correct key. Yours and the other clients are all talking to their mitm in this scenario. There's fundamentally no way to solve this without users verifying keys out-of-band.
> They can also tell your client it has the correct key.

No they can't. Key transparency cryptographically makes sure everyone gets the same result.

Key transparency is a public list of keys, like what CAs do. That still trusts an authority. Of course a third party could archive/republish the key list and you could trust them instead of WhatsApp, but that's what I call an out-of-band key verification.

These are all good measures though. It's much harder for WhatsApp to mass attack users this way.
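
The point the thread argues over, as an added example that is not from any commenter and is not WhatsApp's implementation: a toy Merkle-tree key directory in which an operator that publishes one tree cannot hide a wrong key from its owner, while an operator that shows two clients different trees passes both clients' local proof checks and is exposed only when the tree roots are compared. All names, keys and the tree layout are constructed assumptions.

```python
import hashlib

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(user, key):  # domain-separated leaf hash binding a user to a key
    return h(b"\x00", user.encode(), b"\x00", key)

def build(directory):
    level = [leaf(u, k) for u, k in sorted(directory.items())]
    while len(level) & (len(level) - 1):  # pad to a power of two
        level.append(h(b"\x02"))
    levels = [level]
    while len(level) > 1:
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def serve(directory, user):
    """What the operator hands a client: (key, inclusion proof, tree root)."""
    levels, index, path = build(directory), sorted(directory).index(user), []
    root = levels[-1][0]
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))  # (sibling, sibling is on the left)
        index //= 2
    return directory[user], path, root

def verify(user, key, path, root):
    node = leaf(user, key)
    for sibling, sibling_left in path:
        node = h(b"\x01", sibling, node) if sibling_left else h(b"\x01", node, sibling)
    return node == root

# Constructed sample directories: FORKED differs only in Alice's entry.
HONEST = {"alice": b"A-real", "bob": b"B-real", "carol": b"C-real"}
FORKED = dict(HONEST, alice=b"A-spoofed")

def self_check(view, my_key):
    """Alice's client: is the published key mine, and is it really in the tree?"""
    key, path, root = view
    return key == my_key and verify("alice", key, path, root)

def split_view():
    alice_view = serve(HONEST, "alice")  # tree shown to Alice
    bob_view = serve(FORKED, "alice")    # different tree shown to Bob
    bob_ok = verify("alice", *bob_view)  # Bob's proof verifies against Bob's root
    return self_check(alice_view, b"A-real"), bob_ok, alice_view[2] != bob_view[2]
```

`split_view()` returns whether Alice's self-check passed, whether Bob's proof verified, and whether the two roots differ; the third value is the only one that reveals the fork, and it requires the two roots to reach a common comparer.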