!boLskYiwabbCQNNhlK:sw1v.org

End-to-end crypto in Matrix

1379 Members
Discussion around implementing and using encryption in Matrix via Olm/Megolm | Spec work and reference impl work in #e2e-dev:matrix.org211 Servers

Load older messages


Timestamp Message
8 Nov 2019
15:49:51@richvdh:sw1v.orgrichvdhI wish I could find the article that kicked this off
15:49:59@richvdh:sw1v.orgrichvdhI think it was by Nadim Kobeissi
15:51:29@uhoreg:matrix.orguhoreg
In reply to @chloride:matrix.org
in my opinion, I would prefer full deniability and loss of forward secrecy in prekeys than the other way around.
Unger's strong deniability paper only came out last year, so obviously came after olm/megolm was designed. But I'll throw it onto my to-read pile to see if we can use it.
15:52:15@richvdh:sw1v.orgrichvdhhttps://github.com/matrix-org/matrix-js-sdk/pull/243 no prizes there for past me
15:54:01@chloride:matrix.orgchloride
In reply to @uhoreg:matrix.org
Unger's strong deniability paper only came out last year, so obviously came after olm/megolm was designed. But I'll throw it onto my to-read pile to see if we can use it.
I will read it tomorrow as well, seems like a good read
15:54:41@uhoreg:matrix.orguhoregYou know it's a good paper when it has 20 pages of proofs. :P
16:02:16@olmari:hacklab.fiSami Olmari

in my opinion, I would prefer full deniability and loss of forward secrecy in prekeys than the other way around.

What would not have forward secrecy mean in prekeys context

16:09:52@chloride:matrix.orgchlorideIt means that if an adversary has compromised a prekey, then past generated prekeys can be computed and compromised as well\.
16:11:56@olmari:hacklab.fiSami OlmariThat what I kind of guessed after asking.. That's why I think that is as important as other methods of revealing alice and bob has chat... Not that I have any idea would it be possible to have both in this context
16:30:03@chloride:matrix.orgchloride
In reply to @olmari:hacklab.fi
That what I kind of guessed after asking.. That's why I think that is as important as other methods of revealing alice and bob has chat... Not that I have any idea would it be possible to have both in this context
No I do not agree with you that it is as important. If Alice starts a conversation with Bob about how bad the government is and Alice wants to be a good citizen, hands over the transcript including her identity key pair, she can frame Bob and have him thrown in jail because there is evidence Bob said those things. With weak forward secrecy you do not have that problem. You can bypass the government listening in by sending two dummy messages back and forth and then talk about illegal stuff.
22:21:07@richvdh:sw1v.orgrichvdh
In reply to @chloride:matrix.org
But Alice can publish the transcript and prove that she was talking to Bob since Bob signed the one-time key, or am I missing something?
I was thinking about this again
22:21:11@richvdh:sw1v.orgrichvdhI don't think it's correct
22:23:04@richvdh:sw1v.orgrichvdhif Alice gives the transcript to a third-party, she cannot prove that she didn't make the whole thing up
22:23:57@richvdh:sw1v.orgrichvdhshe could equally well make up a transcript with Bob never being involved
22:25:10@richvdh:sw1v.orgrichvdh the only thing she can show is that Bob could have decrypted her pre-key messages if he received them
22:26:15@richvdh:sw1v.orgrichvdh(I may still be wrong...)
9 Nov 2019
08:59:13@chloride:matrix.orgchlorideI guess you are right because when Bob wants to send a message back to Alice he sends his ratchet public key which could be forged by alice.
10:50:23@chloride:matrix.orgchlorideHowever I am just reading at https://matrix.org/docs/spec/appendices#signing-json that the sender's homeserver adds an ed25519 signature to a JSON event. But then Alice can still proof that Bob's homeserver sended that public ratchet key right?
10:55:35@richvdh:sw1v.orgrichvdhYes, I think that's right
22:12:54@randomstroll:matrix.orgrandomstroll joined the room.
10 Nov 2019
01:16:06@PC-Admin:perthchat.orgPC-Admin joined the room.
17:47:04@j_aj:matrix.orgj_aj joined the room.
11 Nov 2019
06:10:35@andrew.mcswain:matrix.organdrew.mcswain joined the room.
15:37:59@kirosaima:tedomum.netkirosaima left the room.
12 Nov 2019
11:14:58@swedneck:permaweb.ioswedneck:permaweb.io changed their display name from swedneck:permaweb.io to testin.
11:21:59@swedneck:permaweb.ioswedneck:permaweb.io changed their display name from testin to testing.
13:30:41@wlg:matrix.orgwlg joined the room.
14:52:58@swedneck:permaweb.ioswedneck:permaweb.io changed their display name from testing to swedneck:permaweb.io.
13 Nov 2019
10:23:00@PC-Admin:perthchat.orgPC-Admin left the room.
14:58:23@lulu:luluroth.uber.spacelulu joined the room.

There are no newer messages yet.


Back to Room List