
Cryptography & Security Newsletter

110

Apple’s New Messaging Protocol Raises the Bar for Post-Quantum Security

29 Feb 2024

Feisty Duck’s Cryptography & Security Newsletter is a periodic dispatch bringing you commentary and news surrounding cryptography, security, privacy, SSL/TLS, and PKI. It's designed to keep you informed about the latest developments in this space. Enjoyed every month by more than 50,000 subscribers. Written by Ivan Ristić and Robert Thornton.

Apple announced a significant upgrade of the communication protocol used by iMessage, working to add defenses against post-quantum attacks. The new protocol, called PQ3, is promoted as offering the strongest security properties of any protocol deployed at scale.

Signal already beat Apple to deploying production-grade post-quantum security with its PQXDH protocol, launched last year, but Apple claims to be going a step further, with protection for the initial key establishment as well as ongoing post-quantum rekeying. This new protocol version adds forward security (which Signal already has) and formal validation: all good things.

Apple considers PQ3 to be a “level 3” protocol and plans a future revision that will add post-quantum authentication on top of the existing post-quantum key establishment. PQ3 is currently in the final stages of testing and will be deployed with the final releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Apple expects that the new protocol will be fully deployed by the end of 2024.

This news is great for the users of Apple’s platforms, but communication that crosses into other messenger systems will remain insecure as it falls back to plain old SMS. The release of Message Layer Security (MLS) last year raised hopes that we may see interoperability among various messenger platforms in the future, but that will probably take another couple of years, at least.


Article 45 Saga Concludes with EU Clarifications

After several years, the long story of Article 45 has come to an end with the European Parliament making further clarifications to separate their authentication requirements (via certificates) from browsers’ freedom to enforce security:

To that end, providers of web-browsers should ensure support and interoperability with qualified certificates for website authentication issued in full compliance with this Regulation. The obligation of recognition and interoperability of and support for qualified certificates for website authentication does not affect the freedom of providers of web-browsers to ensure web security, domain authentication and the encryption of web traffic in a manner and by means of technology that they consider to be the most appropriate.

The Security Risks Campaign is happy with the outcome.

Rustls Adds FIPS Support, Goes Faster

Prossimo, a project of Internet Security Research Group (ISRG) focused on software memory safety, continues to make good progress on their new and modern TLS library. Rustls, as the project is known, is written in Rust, a programming language focused on correctness and security.

With the most recent release, Rustls added support for pluggable cryptography, making the library more useful to a wider range of audiences. The default backend is now AWS-LC, Amazon’s general purpose cryptographic library that’s not only fast, but supports FIPS, a US government standard that’s important to many users.

Going forward, Rustls is focusing on rigorous benchmarking intended to further improve performance, and on an OpenSSL compatibility layer to make it easier for users to upgrade. Although AWS-LC itself is based on OpenSSL and its fork BoringSSL, the pluggable nature of Rustls leaves the door open for an all-Rust implementation in the future.

Short News

Here are some things that caught our attention since the previous newsletter:

  • In his Trail of Bits Blog, Scott Arciszewski looks at Amazon Web Services’ cloud cryptography tools to help us understand what’s on offer.
  • Air Canada has been forced to honor a refund policy created by its chatbot. The now-retired chatbot hallucinated a policy that contradicted the airline’s actual bereavement policy.
  • Bruce Morton writes about what happened in the PKI world in 2023 for the Entrust blog and gives a glimpse about what’s cooking for 2024.
  • In response to a New York Magazine article about how the author ended up giving $50,000 in cash to a scammer, SocialProof CEO Rachel Tobac published an article on LinkedIn titled “The Anatomy of a Scam: The Shoebox Incident.”
  • Steve Weis mentioned on Twitter how a paper titled “Reducing the Number of Qubits in Quantum Factoring” claims that RSA-2048 could be factored with 1,600 logical qubits: almost there (not).
  • A twenty-year-old flaw in DNSSEC was discovered by a group of academics from the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt. The problem has been named KeyTrap.
  • Black Hat USA 2024 is now accepting papers, should you wish to submit to their crypto track.
  • Brian Kondracki and Johnny So of Stony Brook University won the eleventh NSA Annual Best Scientific Cybersecurity paper competition for their 2022 USENIX Security paper on Certificate Transparency bots.
  • The European Court of Human Rights has banned the weakening of end-to-end encryption. The court ruled that the encryption helps citizens and companies to protect themselves against hacking, theft of identity and personal data, fraud, and the unauthorized disclosure of confidential information.
  • Filippo Valsorda discusses PINs for cryptography with hardware secure elements in a blog post of the same name, noting that when hardware secure elements are available, we’re not bound by the capabilities of cryptography and information theory anymore.
  • rpki-client 8.9 has been released. It includes improved manifest handling now in full conformance with RFC 9286, bug fixes, and various refactoring.
  • Emily Stark discusses why the end-to-end encryption (E2EE) gap between web and mobile applications is much smaller than it seems.
  • In the Security Cryptography Whatever podcast, the hosts talk with Franziskus Kiefer and Karthik from Cryspen about their new high-assurance implementation of ML-KEM, which is the final form of Kyber.
  • The New York Times featured an obituary for historian David Kahn, who is best known for bringing the world of cryptography to public attention with The Codebreakers, a 1967 history of the field.
  • More than twenty-seven security experts wrote a letter to the United Kingdom’s home secretary to protest the proposed amendments to the UK’s Investigatory Powers Act (IPA), which they said would endanger the security of the internet.
  • In a blog post, Bruce Schneier discusses the documents that record the NSA’s decision to ban Furby toys in the 1990s.
  • Kathleen Wilson, creator and long-time manager of the Common CA Database (CCADB), has announced her retirement. As a parting gift, she wrote about her ten years on the job.
  • To help developers understand why they must avoid timing attacks with constant-time code, Chosen Plaintext Consulting has created “A Beginner's Guide to Constant-Time Cryptography.”
  • Attention UK companies: if your firm has less than 50 people and operates within one of the selected sectors, the National Cyber Security Centre (NCSC) will help you attain the Cyber Essentials Plus certification.
  • On Hacker News, the announcement that Signal users can now use usernames (in beta) was discussed by readers. The reaction was overwhelmingly positive, and readers hoped that additional ID-related features would be added to Signal.
  • This month in 1918, inventor Arthur Scherbius applied for a patent for a cipher machine involving rotors. He would later go on to build the Enigma machine, which gave Germany a crucial early advantage in the Second World War. (h/t Today in Infosec)
  • Kim Zetter has written an article for her Zero Day blog on the Nevada attorney general’s efforts to stop Meta from implementing end-to-end encryption for Facebook users who are under eighteen.
  • Ars Technica discusses the EU Court of Human Rights (ECHR) and its decision that police backdoors in end-to-end encryption undermine human rights. In response to a case involving a Telegram user and Russia’s Federal Security Service, the court stated that law enforcement has other ways to decipher encrypted messages.
  • Have you ever wondered what the Bible has to say about cryptography? David Cary has been keeping track since 1996.
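To make the constant-time point from the Chosen Plaintext item concrete, here is an added illustration (not from the newsletter or the guide) of the core problem: an early-exit byte comparison does an amount of work that depends on how much of a secret tag a guess already matches, while a fixed-work comparison does not. The 16-byte tag is a constructed placeholder.

```python
import hmac

# Constructed 16-byte "secret" MAC tag used only for this illustration.
SECRET_TAG = bytes.fromhex("0123456789abcdef0123456789abcdef")


def naive_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes_examined).
    The number of bytes examined depends on where the first mismatch
    is, and that data-dependent work is what leaks through timing."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Fixed-work comparison: always touches every byte and folds the
    differences into an accumulator with XOR/OR instead of branching."""
    if len(a) != len(b):
        return False, 0
    acc = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        acc |= x ^ y
    return acc == 0, examined


def guess_with_prefix(correct: bytes, prefix_len: int) -> bytes:
    """Candidate tag that matches `correct` for prefix_len bytes and is
    guaranteed wrong at the next byte (a constructed probe, not an attack)."""
    wrong = bytes([correct[prefix_len] ^ 0xFF])
    tail = bytes(len(correct) - prefix_len - 1)
    return correct[:prefix_len] + wrong + tail


def work_profile(compare, correct: bytes) -> list[int]:
    """How much work `compare` does as a guess gets progressively closer."""
    return [compare(correct, guess_with_prefix(correct, n))[1]
            for n in range(len(correct))]


if __name__ == "__main__":
    print("naive:        ", work_profile(naive_compare, SECRET_TAG))
    print("constant-time:", work_profile(constant_time_compare, SECRET_TAG))
    # In real code, use the stdlib's constant-time comparison for MACs/tags.
    print(hmac.compare_digest(SECRET_TAG, SECRET_TAG))
```

The naive profile climbs from 1 to 16 bytes examined as the guess improves, whereas the constant-time profile is flat at 16; in production, `hmac.compare_digest` is the comparison to reach for.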
