top | item 46953142

(no title)

It may have been easy to miss them! IIRC, we didn't discuss these as explicit "problems", per se, just design trade-offs with particular implications. We even discuss at the end of the second paper whether its worth reconsidering PCS and FS altogether in many circumstances. This is because it is quite common to compose messaging with backup/multi-device setups that undermine (some understandings of) PCS and FS (all over the place, not just in the Matrix ecosystem).

On that note, a quick correction from my side. I suggested that: "But (!) Matrix could get way better authentication guarantees if they just _disabled accepting messages_ from these old sessions at the same schedule as the sender stops using them."

But I think this is way easier said than done because (with the history sharing architecture that is currently used) it is difficult for a fresh device to meaningfully distinguish historical Megolm sessions and active ones. Other designs get around this by re-encrypting the plaintexts rather than the session keys, but this would be quite a big change.

discuss

No comments yet.