[secalex]

I gotta back Matt here. While none of the three of us would endorse the iMessage key exchange model, the truth is that the team that implemented iMessage crypto have kept more communications safe from dragnet surveillance than everybody commenting on this HN article combined.

I personally think there is a good middle ground where identity management is invisible to most users and customizable by users with more challenging threat models. That is what we are aiming for.

[tptacek]

Hold on. The iMessage key exchange model works in part because it has trust anchors; it's not a pure peer-peer system. You can see the tradeoff it makes by looking at any discussion of iMessage ever and noting how people discount its security because of those trust anchors.