[Terretta]

> There's a much bigger issue, the default iPhone settings has "Send as SMS" off, this means that if a failed iMessage attempt occurs, it will just give up (rather than sending by SMS).

So by default, it sends a secure end-to-end message, and you'd prefer it to fail back and send an insecure SMS logged by your telco? (Verizon, for example, makes your SMS history available in a web portal.)

I think the bigger issue would be if iMessage burned your SMS plan and sent insecure messages without you explicitly asking to.

Defaulting to losing the security and privacy seems more "frankly absolutely ridiculous".

[untog]

That's a very generous reading of the situation. How many iPhone users bought their device because it offers secure end-to-end messaging? I'm going to say very few of them. How many of them even know what the blue bubble and the green bubble mean?

I think a lot more users would be surprised that iMessage doesn't burn through your SMS plan than those would be surprised if it did.

[ender7]

What? The correct behavior here is to realize that the target no longer supports iMessage and return to non-iMessage behavior. This should involve swapping the UI from blue back to green so the user is aware.

[saurik]

This is what happens. The setting is only what happens automatically: if the UI is blue and it fails to send. When it fails to send, the message is marked failed (with a red exclamation point), and then the UI switches to green because the recipient is not connected to iMessage.

[geofft]

Availability is part of security, right next to confidentiality and integrity. Systems that silently fail closed aren't secure in a meaningful way, because you can't distinguish a DoS from "working as designed".

[mhurron]

Availability does not mean availability at any cost. When designing a system at no point should it be considered secure if it fails open.

The issue is that there is little information provided to the user to indicate why there is an issue, but it most certainly should fail closed.

[DougBTX]

Unless it opens the door to downgrade attacks, then things get a bit more murky: http://crypto.stackexchange.com/questions/10493/why-is-tls-s...

[jacquesm]

I'd rather have my telco read over my shoulder than Apple.

Telcos being in the business of handling my conversations anyway and Apple being a hardware vendor from a different continent.

[mikeash]

He implies a nice middle road: don't automatically fall back to SMS, but inform the user that the recipient cannot be reached on iMessage and SMS must be enabled if you want to talk to them.

[psykovsky]

Why not just ask straight away if the user wants to send the message as SMS instead of having to change global configurations?

[micampe]

When iMessage fails you get a notification and next to the message appears a button which pops up a menu with “Try Again” and “Send as SMS”.

http://tidbits.com/resources/2013-10/iMessage-failure.png

(Unfortunately that didn't work for the issue fixed by this tool, since the iMessage never actually failed from the sender's perspective)