Blog post by crypto professor Matthew Green, discussing what Telegram does (I wasn’t familiar with it) and criticizing its cryptography. He says Telegram by default is not end-to-end encrypted. It does have an end-to-end “secret chat” feature, but it’s a nuisance to activate and only works for two-person chats (not groups) where both people are online when the chat starts.
It still isn’t clear to me why Telegram’s founder was arrested. Green expresses some concern over that but doesn’t give any details that weren’t in the headlines.
Doesn’t the concept of using a CA (which are generally also central authorities) go against the idea of E2EE that only required to (or more) endpoints or am I missing something? Signal group messages (and the protocol/concept behind it) work without a CA. I think I’m missing something, can you connect the dots for me?
The CA is purely a way to provide validation that the endpoints being connected are who they say they are; the actual signing certificates are still private. Apple uses a central directory; Signal depends on certificates linked to one way hashes of phone numbers.