
The War on Crypto Terror - Garbage
http://techcrunch.com/2015/05/30/the-war-on-crypto-terror
======
plg
If Apple doesn't hold the encryption keys for an iMessages chat (they reside
on the participants' phones), they can't "hand over" the conversation. Well I
guess they can hand over the encrypted conversation. What am I missing?

~~~
noondip
Public keys are fetched from Apple's servers; the entire key infrastructure is
controlled by the fruit co.

[http://blog.quarkslab.com/static/resources/2013-10-17_imessa...](http://blog.quarkslab.com/static/resources/2013-10-17_imessage-privacy/slides/iMessage_privacy.pdf)

~~~
plg
Sure but private keys are on the device, no? Doesn't this mean that without
access to the device, one can't decrypt messages?

~~~
mike-cardwell
When you send a message to somebody, you need their public key. With iMessage,
you're relying on Apple giving you the public key of the real recipient and
not a public key belonging to themselves so they can decrypt, view it, encrypt
with the recipient's real public key and then forward on the message.

Imagine if you were using PGP and every time you wanted to send an encrypted
email to somebody you asked me for their public key and trusted whatever I
gave you.
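
An added example, not part of any comment in this thread: a client-side check that pins the fingerprint of each key a directory serves and compares it with a fingerprint obtained from the key's owner directly, which is the step missing when you trust whatever key you are handed. The class and function names and the sample key bytes are hypothetical and constructed for illustration; this is not iMessage's protocol or code.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the served public key bytes, hex encoded."""
    return hashlib.sha256(public_key).hexdigest()

class KeyPins:
    """Remembers the first fingerprint seen per contact (trust on first use)."""

    def __init__(self):
        self.pins = {}  # contact name -> pinned fingerprint

    def check(self, contact: str, served_key: bytes) -> str:
        """Pin on first sight; afterwards flag any key that differs from the pin."""
        fp = fingerprint(served_key)
        pinned = self.pins.setdefault(contact, fp)
        return "ok" if hmac.compare_digest(pinned, fp) else "KEY CHANGED"

    def confirm(self, contact: str, fp_from_owner: str) -> bool:
        """Compare the pin with a fingerprint the owner supplied out of band."""
        return hmac.compare_digest(self.pins.get(contact, ""), fp_from_owner)

# Constructed sample data: opaque byte strings standing in for real public keys.
BOB_KEY = b"constructed-sample:bob-device-public-key"
DIRECTORY_KEY = b"constructed-sample:key-held-by-directory-operator"

def scenario_swap_after_first_use():
    """The directory serves Bob's real key once, then a different key."""
    pins = KeyPins()
    first = pins.check("bob", BOB_KEY)
    second = pins.check("bob", DIRECTORY_KEY)  # pinning notices the change
    return first, second

def scenario_swap_on_first_use():
    """The directory serves a different key from the start, so the pin is wrong."""
    pins = KeyPins()
    status = pins.check("bob", DIRECTORY_KEY)  # nothing to compare against yet
    # Only a fingerprint read out by Bob himself exposes the mismatch.
    confirmed = pins.confirm("bob", fingerprint(BOB_KEY))
    return status, confirmed

if __name__ == "__main__":
    print(scenario_swap_after_first_use())
    print(scenario_swap_on_first_use())
```

Pinning alone only notices a key that changes later; a key that is wrong on the first fetch passes until the fingerprint is compared over a channel the directory does not control.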

~~~
plg
Ahhhh man in the middle

yes of course you're right

That's different though than Apple "handing over the encryption key" to
someone's conversation.

... that's Apple actively deceiving a user during a conversation ... Apple
actively, intentionally, lying to users to say that their conversations are
encrypted to Apple but in fact not.

Assuming Apple is being honest and not doing this, what happens when the
government asks Apple to "hand over the encryption keys"? Does this mean Apple
has to agree to participate in a man in the middle attack?

~~~
mike-cardwell
The US government would just tell Apple to supply the plain text of any future
messages going in and out of that particular account. How Apple goes about
doing that is not their concern. Apple can do it if ordered to do so, so they
must.

