Think of verification (V) as a required security check (like that special handshake) between any two members in a secure chat.
- One-on-One Chat: Let the chat be just between Alice and Bob. The set is S = {Alice, Bob}. Signal provides the mechanism (Safety Numbers) for Alice to verify Bob (V(Alice, Bob)) and for Bob to verify Alice (V(Bob, Alice)). For full trust, this verification should happen. Signal makes it possible and encourages it for this single pair (Alice, Bob).
- Group Chat (Signal’s Current Design): Let the group be the set G = {Alice, Bob, Charlie, … N}. Signal allows Alice to individually verify Bob (V(Alice, Bob)), or Alice to verify Charlie (V(Alice, Charlie)), and so on for any pair, optionally. Crucially: The group chat works even if these verifications haven’t happened. Alice can be in the group and talk to Bob and Charlie without the system forcing her to verify them, and without them having to verify her using the Safety Number check.
- Ideal Group Chat (Logical Requirement): Let the group be the set G = {Alice, Bob, Charlie, … N}. For this group G to have the same fundamental identity assurance as a verified chat between just Alice and Bob, the system design should require or enforce that verification V exists between all relevant pairs within the group. This means: For Alice to securely participate, the system should ensure that V(Alice, Bob), V(Alice, Charlie), and V(Alice, Y) for all other members Y in the group G are established (or at least flagged clearly if not). The same should apply to Bob verifying everyone else, Charlie verifying everyone else, and so on. Think of it like needing a “complete graph” of verification: Alice is securely linked to Bob, Alice to Charlie, Bob to Charlie, and so on for every pair.
The baffling point is: Signal built the tool for Alice to verify Bob (V(Alice, Bob)), but didn’t make establishing these verification links across the entire group (G) a mandatory prerequisite for group operation. It treated security within the group G as a collection of optional one-on-one checks rather than a fundamental, required property of the group itself.
Leave a Reply