Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for encryption in group chats (SPEC-292) #589

Closed
matrixbot opened this issue Dec 7, 2015 · 5 comments
Closed

Support for encryption in group chats (SPEC-292) #589

matrixbot opened this issue Dec 7, 2015 · 5 comments
Labels
e2e feature Suggestion for a significant extension which needs considerable consideration spec-omission implemented but not currently specified

Comments

@matrixbot
Copy link
Member

m.room.encrypted events work as a proof-of-concept to demonstrate that we can transfer data securely between clients, but this:

  • does not scale to more than a few devices per room
  • is incompatible with any sort of history visibility (even the original recipients of a message can only read a message once)

The draft e2e spec contains some initial ideas about a design, but this needs fleshing out.

As an alternative approach, it would also be interesting to consider a very simple encryption protocol, whereby there is a single shared secret for each room, which is used as a key for a cipher. This secret could be shared between participants using 1:1 Olm channels. The main disadvantage of such an approach is that it does not offer Forward Security, or privacy from departed members, without regular rekeying. This opens further questions: when would you rekey, and who is responsible for initiating such a process?

(Imported from https://matrix.org/jira/browse/SPEC-292)

(Reported by @richvdh)
@matrixbot
Copy link
Member Author

Jira watchers: @richvdh

@matrixbot
Copy link
Member Author

matrixbot commented Dec 7, 2015
edited
Loading

Links exported from Jira:

is blocked by #443
relates to #501

@matrixbot
Copy link
Member Author

matrixbot commented Dec 7, 2015
edited
Loading

Currently, the draft spec is missing details on the transport to be used by the proposed messages: what event types would be required, and what fields would they have?

Another thing that is missing is the ability for room admins to configure security. This is the subject of #590.

-- @richvdh

@matrixbot
Copy link
Member Author

For anyone interested in following progress here, I've started some notes on the design of this at https://docs.google.com/document/d/1igtE-wd7f7dXlGgo52ivt-omFmtDVNMTtlQ7-sD1Ofg.

-- @richvdh

@matrixbot matrixbot added the e2e label Oct 28, 2016
This was referenced Oct 28, 2016
Closed
Closed
Closed
@matrixbot matrixbot changed the title Support for encryption in group chats Support for encryption in group chats (SPEC-292) Oct 31, 2016
@matrixbot matrixbot added the feature Suggestion for a significant extension which needs considerable consideration label Nov 7, 2016
@richvdh richvdh added the spec-omission implemented but not currently specified label Mar 29, 2017
@Zil0 Zil0 mentioned this issue Jul 18, 2018
Merged
@uhoreg
Copy link
Member

uhoreg commented Aug 24, 2018

Fixed by #1284

@uhoreg uhoreg closed this as completed Aug 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
e2e feature Suggestion for a significant extension which needs considerable consideration spec-omission implemented but not currently specified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@uhoreg @richvdh @matrixbot