-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement MSC3061: Sharing room keys for past messages on Invite #39
Comments
SCOPE UPDATEThere are some scalability issues with sending the keys for the full history, as well as several edge cases. We don't want to fix all of them on existing SDKs (mobile, web). So for existing SDKS the main goal is to |
Do we think implementation of MSC3061 should include web? element-hq/element-web#22999 is a web UI task for room history key sharing that is currently biting a customer fairly badly. If we could include this task here it would be helpful. |
I'm reasonably sure this is already implemented on web. AFAICT element-hq/element-web#22999 is just a bug, not a missing implementation. EDIT 2024-06-13: this is no longer true, because the Rust crypto stack doesn't implement it; tracked at element-hq/element-web#26867 |
We consider this feature important. Without it using Matrix for collaboration in a business setting is cumbersome.
What needs to happen to get this MSC moving again, so it can be merged, and find its way to clients and servers? |
I agree with what has been said above. We also chose Matrix but didn’t pay much attention to this issue at the beginning, and now we really need this feature. It would be great to hear some timelines, if possible. |
A guesstimate for when the security disclosure will be made would be nice. Depending on the potential attack vector the risks may be mitigated or accepted. Without the disclosure we don't know. |
I agree that this feature is very important, but @thoraj , did you intend your last comment to be sent here? If so, what kind of security disclosure do you mean? As I understand, a vulnerability was not a topic here. |
@mpeter50 Sorry for not providing context. My reference to a disclosure is based on a comment made in #e2e:matrix.org today. Apparently the MSC is blocked awaiting a security disclosure and having the issue resolved. |
We're working on this now, so the disclosure should come in the next couple of weeks. |
@dkasak Any updates for this? We are receiving complaints about this being flaky for our customer, and we are curious to know what the issue/disclosure is about, and how we can address this? |
Yes, sorry, I wanted to post an update but failed to find this particular issue. The reason this was blocked was disclosed today in https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/ and the associated advisories. The plan forward is outlined in this section. |
The text was updated successfully, but these errors were encountered: