This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

[20200921] Expose forced-on E2EE through a /versions flag or something #8311

Closed
turt2live opened this issue Sep 14, 2020 · 5 comments · Fixed by #8343

@turt2live
Member

Capabilities are probably wrong for this, and we don't yet have an info API. For speed, I'd recommend a /versions flag of io.element.e2ee_forced for clients to check.

@neilisfragile
Contributor

Release blocker tag because it needs to make it into a release before the end of September, though ideally the implementation would be done much sooner to unblock @turt2live

@erikjohnston erikjohnston changed the title Expose forced-on E2EE through a /versions flag or something [20200921] Expose forced-on E2EE through a /versions flag or something Sep 17, 2020
@clokep clokep self-assigned this Sep 17, 2020
@clokep
Member

clokep commented Sep 17, 2020

From discussions elsewhere, this seems related to the encryption_enabled_by_default_for_room_type flag, which controls whether newly created local rooms use E2EE by default or not.

This essentially has three values:

  • All rooms get created with E2EE by default.
  • All private rooms get created with E2EE by default.
  • The defaults are unmodified.

We could expose that in the configuration, but unfortunately it seems more than just a True/False value.

@turt2live
Member Author

this is where I wish we had an info endpoint :(

Can we do two flags to represent all and private? If both are false/not present then it's safe to assume the server won't manipulate the behaviour.

Something like:

{
  "io.element.forced_e2e.everywhere": true,
  "io.element.forced_e2e.private_only": true
}

io.element.forced_e2e.everywhere when true implicitly means io.element.forced_e2e.private_only is enabled. Similarly, when io.element.forced_e2e.everywhere is missing then it is implied false, which forces the client to look at io.element.forced_e2e.private_only.

This should make the server implementation something along the lines of (I don't know python well):

if config['encryption_enabled_by_default_for_room_type'] != 'off':
    unstable_features["io.element.forced_e2e.everywhere" if config['encryption_enabled_by_default_for_room_type'] == 'all' else "io.element.forced_e2e.private_only"] = True

@clokep
Member

clokep commented Sep 17, 2020

@turt2live Yes, we can do that -- would it make more sense to have a separate flag for private and public? Something like:

{
    "io.element.forced_e2e.public": true,
    "io.element.forced_e2e.private": true
}

It is a bit less implicit.

@turt2live
Member Author

yea, that should be fine. The client will know what presets it's about to use anyways :D
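
An added sketch, not part of the thread and not Synapse's code, of the two-flag scheme agreed above: the server maps encryption_enabled_by_default_for_room_type to /versions unstable_features, and the client treats a missing or non-boolean flag as "not forced". The flag names are the ones proposed in the thread; the function names and the "invite" config value for private rooms are assumptions.

```python
# Added illustration; not Synapse code. Function names are hypothetical.
from typing import Any, Dict

FLAG_PUBLIC = "io.element.forced_e2e.public"
FLAG_PRIVATE = "io.element.forced_e2e.private"


def flags_for_config(room_type_setting: str) -> Dict[str, bool]:
    """Server side: map the config value to /versions unstable_features."""
    if room_type_setting == "all":
        return {FLAG_PUBLIC: True, FLAG_PRIVATE: True}
    if room_type_setting == "invite":  # assumed name for "private rooms only"
        return {FLAG_PUBLIC: False, FLAG_PRIVATE: True}
    if room_type_setting == "off":
        return {FLAG_PUBLIC: False, FLAG_PRIVATE: False}
    # Fail closed on typos rather than silently advertising nothing.
    raise ValueError(f"unknown setting: {room_type_setting!r}")


def server_forces_e2ee(versions_response: Dict[str, Any], is_private: bool) -> bool:
    """Client side: is E2EE forced on for the room about to be created?"""
    features = versions_response.get("unstable_features")
    if not isinstance(features, dict):
        # Older servers may omit the block entirely: assume nothing is forced,
        # so the client keeps sending its own encryption settings.
        return False
    flag = FLAG_PRIVATE if is_private else FLAG_PUBLIC
    # Only a literal JSON true counts; strings such as "true" are ignored.
    return features.get(flag) is True


if __name__ == "__main__":
    # Constructed /versions response for a server configured for private rooms.
    sample = {"versions": ["r0.6.0"], "unstable_features": flags_for_config("invite")}
    print("private room forced:", server_forces_e2ee(sample, is_private=True))
    print("public room forced:", server_forces_e2ee(sample, is_private=False))
```
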
