Since Matrix (and thus BundesMessenger?) currently doesn't provide standard security guarantees for its end-to-end encryption (the mitigation to the "Simple confidentiality break" from https://nebuchadnezzar-megolm.github.io/ is still in the design phase; same for the IND-CCA break, but that doesn't seem exploitable in practice) I wonder how much the German government cares about E2EE for its civil servants? The blog post mentions E2EE prominently, but any insights to share on whether that mattered for this particular adoption?
Arathorn|3 years ago
Meanwhile, BWI is helping fund the work needed to address clientside controlled room membership (https://github.com/matrix-org/matrix-spec-proposals/pull/391...) as highlighted in your paper, as well as TOFU... and they're also funding work to provide MLS as an option for E2EE in Matrix too[2].
Unsure why you're talking about the unexploitable IND-CCA break :)
[1] https://matrix.org/blog/2022/05/16/independent-public-audit-...
[2] https://www.golem.de/news/bwmessenger-vom-messenger-der-bund...
martinralbrecht|3 years ago
PS: I talked about the seemingly unexploitable IND-CCA vulnerability because it means Matrix can't give you some security guarantees: It should be fine - we don't have an exploit, only a vulnerability - but it is not clear how to reason to arrive at "there cannot be an exploit". If you care about security guarantees, you care about it.
walterbell|3 years ago
Good news that BWI is funding a Matrix implementation of the multi-vendor IETF standard MLS group messaging E2EE protocol.
The (translated to English) linked reference doesn't mention MLS, is it correct?