WhisperSystems designed good protocols, but I am afraid that Moxie was too anxious to release this info and hit ENTER key too early :-)
I am quite skeptical about the actual value from the security point of this press release.
WhisperSystems reports about end-to-end encryption, that means, I encrypt my message with an encryption key that only you or both of us know.
- How can we negotiate that key? Users are not involved, but everything happens automatically, under the hood, between two whatsapp clients. How? they negotiate the encryption keys through whatsapp servers: is it my own key or the NSA one? are they leaking the key to Facebook?
- We do need to authenticate the identity, eg: via QR code, fingerprint, spell it loudly on the phone, etc.., which reduces usability, especially for mass market.
- Last but not least: even if we authenticated identities and keys, how can we be sure that whatsapp client is really using the authenticated keys and not the NSA keys, maybe only on a white list of suspected mobile phone numbers? above all, they provide a proprietary and closed source app
The security model is faulted, at the root level:
- If I subscribe to a security service - such as messaging -, the service provider is untrusted by default. I need total transparency -> every single components in the architecture should be auditable and open source
- If mobile app is closed source, I can trust only the infrastructure that should be under my full control, to be sure that no information leak outside infrastructure is ever possible.
My 2 cents
Marco