warning: the e2e implementor’s guide hasn’t been updated with any of the incremental key backup or interactive key verification stuff which just landed in Riot 1.0, nor the cross-signing epic which is on the horizon.
The details for these for those interested can be found at:
Is there any plan to expose the Megolm session rotation parameters in the room configuration (I only just found out about them by reading the spec)? As an aside, I just tested setting the rotation parameters in an empty room, with key rotation set to every 5 messages, and the session_id was the same for all of my messages -- is Megolm rotation implemented in Riot?
Hm, it should work, at least on matrix-js-sdk, based on a quick look at https://github.com/matrix-org/matrix-js-sdk/blob/907cf19f054.... However, you're right that the UI isn't exposed in Riot currently, and the code may have bitrotted; looks like there isn't an explicit test for it.
I figured it out -- the problem is that you cannot change the encryption parameters for a room, as any new m.room.encryption events are explicitly ignored[1]. I set up a new room and sent a custom state event and it worked.
There is obviously a reason why you can't disable encryption once enabled, but it does suck that fields within m.room.encryption which are entirely advisory (since as far as I know the current implementation doesn't block messages that use old sessions) can't be changed.
It's good to see that the session is being rolled somewhat frequently though. This does explain some of my questions about why the old-school key backups kept getting larger even though I haven't joined any new chats.
I love Matrix and I am planning on running a home server of my own and integrate it with all the different chat services I use.
Last time I checked there was the Matrix reference implementation and Riot. Today, there's a bunch of gorgeous Matrix clients that I can see people actually use. Alternative clients like Fractal and Nheko can make or break the ecosystem and I'm glad to see continuous improvement in that area.
It's especially nice to see the cross-signing proposal approved, as trying out just a few Matrix clients over time has added 9 separate keys I need to approve to my account already. Stuff like this will make it easy to switch phones/desktops/apps and will be wonderful for public uptake.
Thanks for the link. I actually checked the CVEs so far and read their 'security' page. I have only skimmed the article, however, if it's just reverse engineering the protocols, and you are still using somebody else's server, what's the biggest risk? Maybe a vuln in the client that won't be fixed as fast as the official client?
Pidgin integration would be amazing. It's my favorite client and one of the most usable currently, but nothing uses it. Everything nowadays is custom web or electron apps. I wish someone made a signald plugin for Pidgin...
I love Matrix and Riot is the perfect client! Personally, I found the current way to manage end-to-end encryption in a room a little bit annoying to configure (when using it in a team is even more painful). I am glad to hear that it is getting better.
nheko lost its maintainer for a few months hence stuff like the missing e2e attachments, but they are trivial to add; hopefully someone will contribute them soon.
I'm new to using all the new chat programs and LOVE the idea of matrix, but was somewhat surprised to learn there isn't a bridge for Signal, since it's open source. Is there a reason and/or any possibility of it happening. The linux Signal desktop client is too resource intensive and it would be amazing to be able to use WeeChat.
Moxie has been very anti-federation when it comes to Signal for a few years[0] (while I disagree with his reasons, he is right that having a centralised system does make it easier to make protocol changes without splintering your user-base).
There is a Signal bridge[1], but it's incredibly hacky (it does some ungodly things with JavaScript to re-use the Signal Chrome App) and requires you to register Signal for a device and then use the linked device configuration to get messages. Personally that's far from ideal, and I think a better solution would be to actually set up a full-on fake device with signal-cli[2] (an unofficial wrapper around the Signal Java library) and then forward things.
Unfortunately, Signal bridges would necessarily have to man-in-the-middle your messages (breaking a lot of the benefits of the Signal crypto). You could forward the messages to an encrypted chat, but you still have a fairly big issue -- especially for shared homeservers. So you'd probably need to run your own homeserver and then you get into a lot more fun.
There is a signal bridge [0], but it is a little hacky. I would imagine moxie won't condone an 'official' bridge to matrix, given his stance on federated chat. Also: any realistic (short-term) bridges will have to basically be a man-in-the-middle, breaking the end to end crypto. In the (very?) long term MLS [1] may allow for e2ee through a bridge, but that would probably mean that signal has to explicitly support it. Given the track-record of OWS I personally doubt that would happen, but I'm just a random guy from the internet, so what do I know.
I do know that the matrix people are looking at MLS and are willing to implement it in matrix if it finalizes, though they'll currently focus on their own megolm implementation, which is very close to being perfect, from my perspective.
Maybe slightly out of context but: It should be highlighted in <h1> that Riot does not use end to end encryption by default. At least that's how I understand it.
i think the assumption here is that if you are reading an implementor’s guide to e2e encryption, you’ll be doing so because it’s not yet turned on by default (due in part to not all clients implementing it yet).
The details for these for those interested can be found at:
https://github.com/matrix-org/matrix-doc/pull/1703
https://github.com/matrix-org/matrix-doc/issues/1267
https://github.com/matrix-org/matrix-doc/pull/1544
and
https://github.com/matrix-org/matrix-doc/pull/1756