This seems somewhat similar to Matrix's (and other apps') approach of comparing keys to verify identity (plus with I guess some extra hardware requirements and attestation).<p>I'm interested to see what the uptake is among users, because even though Matrix has done a fair amount to smooth this process, verification is still a pretty large source of friction from what I can tell, and I'm not completely sure how it could be made easier. I guess the idea here is that once you verify a contact that syncs to their other devices, but in theory Matrix also does that, and in practice I still see some friction.<p>It's possible Apple's implementation will just be better, or that they'll rely on attestation to such a degree that they'll be able to skip some other friction points. But even with the public verification setup (which gets rid of the problem of needing to verify devices at the same time as the person you're talking to), I'm still slightly skeptical that users are going to copy and paste a code into their messaging app to verify contacts. My experience is that even popping up a button and saying, "do your friend and you see the same emoticons" is too much work for a lot of users.<p>Maybe I'll be wrong. And I guess ideally if iOS users get used to doing this, they might be more tolerant of doing the same thing in other messengers too.
For those interested, the underlying technology for this feature is transparency logs. Some technical details for iMessage's approach can be found here:<p><a href="https://security.apple.com/blog/imessage-contact-key-verification/" rel="nofollow noreferrer">https://security.apple.com/blog/imessage-contact-key-verific...</a><p>The same technology powers WhatsApp's key transparency:<p><a href="https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/" rel="nofollow noreferrer">https://engineering.fb.com/2023/04/13/security/whatsapp-key-...</a><p>Less than a month ago the first workshop on "transparency systems" was held at ACM CCS:<p><a href="https://catsworkshop.dev" rel="nofollow noreferrer">https://catsworkshop.dev</a><p>Shameless plug: I'm one of the designers of the Sigsum public transparency log, as well as System Transparency - a security architecture intended to bring transparency to the reachable state space of a remote running system.
I think this feature is already in other chat apps like matrix or telegram, will see how’s Apple implementation compares, but great addition nonetheless.
Why does Apple couple iMessage with rest of iCloud? Why is iCloud and iCloud Keychain being on a requirement for secure iMessage to function? That seems like a poor design choice to me.<p>For someone who cares about their communication security deeply enough to do contact public key verification, they would likely want to turn off iCloud syncing iMessage across multiple devices. They are likely to not have same iCloud account on multiple devices. In such cases, what's the value of having iCloud Keychain being turned on?
How safe is the contact that is uploaded to the iCloud? How safe is the contact from being modified by some app on your iPhone? The contact containing the verification code seems to be one of the weaker link in this whole thing.<p>If Mallory can change the verification code in the contact to their own, the communication between Alice and Bob is no longer protected.
Doesn’t sharing your pub code also kind of build a network of “proof” this is you? As in sure Billy knows its you but so will a court have that same evidence, making denial “thats a spoofed message” harder.
It looks like I would need the following for this to work:<p>To use iMessage Contact Key Verification, you’ll need:
iOS 17.2, watchOS 9.2 and macOS 14.2 on all devices where you’ve signed in to iMessage with your Apple ID<p>Unfortunately my work iMac isn’t on Sonoma, it’s on Monterey. I suppose I could log out on that machine, but still, a bit of a shame older versions aren’t supported.<p>Am I reading the requirements correctly? Does this mean that for all devices to work with CKV, then all OS’s need to be updated, or will it not do CKV on any devices if even one device is not supported?
There is a huge opportunity here for Apple to do a proper chain of trust.<p>“You want to talk to Adam, but you haven’t verified their keys yet. However your contacts Anna and Derek have confirmed Adam’s identity”
Quite disappointingly, this requires being logged in with iCloud as well as iMessage on the same device, so I can't use it on my work computer (I have different Apple IDs at work and home). I don't really see why the two need to be tangled together.
Seems like Apple is tacitly acknowledging that sophisticated actors have successfully been man-in-the-middling iMessage users. I wonder if they have clear evidence of that since I haven’t seen any coverage on this.
Sucks that it requires iCloud Keychain enabled, and also removing your appleid from any legacy macs and iphones. Wish they explained the reasons for this, because I'm having a hard time seeing one.