BDFL of Quilibrium, Eng @ Farcaster, ex-Coinbase, always opinionated, never hydrated

/quilibrium

need an opinion from @cassie on this  https://security.apple.com/blog/imessage-pq3

𝚆𝙾𝚁𝙺𝙸𝙽𝙶 𝙾𝙽: @vision 👁️ ✦  ensdata.net ✦ pugson.net/rfe ✦ 𝙿𝚄𝙶.𝙴𝚃𝙷 ✦ 𝙿𝚁𝙴𝚅: @rainbow 🌈 

They did a lot of marketing gloss on this one. There's some pretty bold claims being made, and unfortunately the claims don't hold like they say they do.

- No deniability. They claim to be better than Signal, and that this is irrelevant, but it is 100% a requirement to be at least on par.
- Post-compromise security is not immediate, in their own words its on the order of "50 messages" to "7 days" for rekeying to occur.

High level (most important to least):
- Identity keys are still EC, the PQ related key is verified by an EC signature in the hierarchy. This makes PQ claims dead in the water
- Uses hybrid encryption (not unreasonable), P-256 for EC (unreasonable), Kyber-768 (might be reasonable, time will tell, but I don't trust NIST)

what dish tastes like your past? /salty /fufu | seemore.tv/frdysk • https://rc.xyz/frdysk

It needs to work in a world where the way they did things before are broken, but it trusts one of those broken things, making it pointless in use in a post-quantum world, only somewhat useful now. They also said they did things better than Signal, but that isn't entirely true.