Comment by angry_octet
3 years ago
Commentary from tptacek: https://twitter.com/tqbf/status/1575259743278563329
on this paper: https://nebuchadnezzar-megolm.github.io/
Thanks.
Worth reading the response from Matrix as well (https://matrix.org/blog/category/security).
My first reactions are to wonder how many of these issues are associated with federated (as opposed to fundamentally decentralized) group chat in general. Matrix seems to be taking the position that some of these issues ultimately relate to trust vs lack thereof in the homeserver as a bottleneck.
I also wondered if there was a good security model for federated or decentralized group chat at all at the moment. I can't remember offhand if Briar was adding groups or not, but that's not federated.
What do you mean by "unwilling to fix"? They published a blog post addressing the exact issues you brought up.
https://matrix.org/blog/2022/09/28/upgrade-now-to-address-en...
They don't, and they haven't. The flaws, like being able to add servers without every participant trusting them, require a deeper redesign.