14 Jun 2019 |
Maximus | The document does not have the spec in scope | 12:14:10 |
Maximus | there is much to say about the spec itself | 12:14:18 |
@mat:tout.im | it does a bit at the beginning regarding what are in ids | 12:15:12 |
Maximus | Maybe I am a bit rough, but again, the point is not to justify why they failed on the points we brought up, or give an excuse of why it hasn't been done yet | 12:15:37 |
Maximus | the document explains what is happening. If you think it's not a big deal for you, then we are very happy - you could make an informed decision | 12:16:00 |
@mat:tout.im | yep agreed that's a good document for that | 12:16:11 |
@mat:tout.im | and I am really not happy about certain points indeed | 12:16:24 |
@mat:tout.im | BTW I think this fixes one of the points at the end: | 12:17:03 |
@mat:tout.im | https://github.com/matrix-org/synapse/pull/5374 | 12:17:04 |
@mat:tout.im | # if neither trusted_key_servers nor perspectives are given, use the default. | 12:17:49 |
@mat:tout.im | so you can avoid it by specifying an empty trusted_key_servers | 12:18:21 |
Maximus | That's all we care about. The document doesn't cover all the problematic points tho. It only brushes the surface. How you can abuse the protocol is a whole different matter and way too technical. We would be wasting our time like we have for years. The protocol is a whole different matter which we no longer believe NV can take in a direction we feel good. So we just forked. Forking is totally fine. We can do what we want, they can do what they want, all is good. | 12:18:23 |
Maximus | The doc is really about how the whole self-hosting route leads to such an overwhelming and constant leak of private data and metadata. | 12:19:02 |
Maximus | They are very different matters, and best not to be mixed up | 12:19:11 |
Maximus | In reply to @mat:tout.im "so you can avoid it by specifying an empty trusted_key_servers": Yes, but then it's also out of scope of the paper: it's all about how things are with default settings | 12:20:15 |
@mat:tout.im | the last bold statement on this is unfair TBH. | 12:24:00 |
@mat:tout.im | in the doc | 12:24:05 |
@mat:tout.im | We have confirmed that removing the hard-coded values from the source code and all possible configuration options does not prevent synapse from exchanging data with other servers in a secure manner to the best of our knowledge. We have been running such a setup on some of our Homeservers for several months without any issue. | 12:24:10 |
@mat:tout.im | that's not true since this commit at least | 12:24:28 |
@mat:tout.im | I mean it's true, but using an empty option disables it | 12:24:57 |
@mat:tout.im | so a bit unfair | 12:25:04 |
Maximus | The statement says: if you remove the hardcoding, nothing breaks. You can still talk to federation, still secure. Some reviewers brought up a question if removing the hardcoded value would break synapse, or make it less secure | 12:25:32 |
Maximus | it has nothing to do with the config option | 12:25:38 |
@mat:tout.im | if removing the hardcoded value (the line, not the whole option) it is ok | 12:26:03 |
Maximus | There is nothing bold about it: we are running such a setup since v0.99 on 5 servers to be precise, all is fine. We tried some MitM attacks that would highlight breaking the security, they didn't work like expected | 12:27:01 |
@mat:tout.im | nono I just mean your point is moot since this commit, it was perhaps true before | 12:27:44 |
Maximus | I have written a Matrix homeserver already, and Gridepo will also be a Matrix Homeserver soon enough. The statement is not bold or anything, and we have the knowledge required to make it. | 12:27:50 |
@mat:tout.im | bold = in bold lol | 12:27:53 |
Maximus | oh :) | 12:27:58 |
@mat:tout.im | ;-) | 12:28:05 |