Key transparency is a public list of keys, like what CAs do. That still trusts an authority. Of course a third party could archive/republish the key list and you could trust them instead of Whatsapp, but that's what I call an out of band key verification.
These are all good measures though. It's much harder for Whatsapp to mass attack users this way.
Well, more than just that. For the published key transparency information to be trusted it has to not just be signed by WhatsApp, but also by an independent witness. In this case Cloudflare.
So for wa to do a man in the middle attack they would also need to convince Cloudflare to sign two inconsistent tree heads.
morshu9001|27 days ago
These are all good measures though. It's much harder for Whatsapp to mass attack users this way.
NoahZuniga|26 days ago
So for wa to do a man in the middle attack they would also need to convince Cloudflare to sign two inconsistent tree heads.