After Apple released a document last month describing iOS security in detail for the first time, a lively discussion about iMessage security ensued on Hacker News. The main criticism: users so not need to (cannot even) verify the authenticity of the public keys used to encrypt the messages. Instead users need to trust Apple to give them the right keys, and not to sneak an extra key in that would allow Apple (or the NSA) to eavesdrop on your messages. But is this criticism fair?

Read the rest of this entry »