LWN: Comments on "France enters the Matrix"

France enters the Matrix

notriddle — Sat, 23 Feb 2019 17:07:24 +0000

How is that comparable? It only affected Avast products, not all intercepting HTTPS proxies, and, based on what I'm reading in https://bugzilla.mozilla.org/show_bug.cgi?id=1523701, it's an actual bug, not an antifeature like the Chrome proposal. This isn't Firefox removing the ability to add your own root cert, this is Firefox bumping sqlite, causing a mismatch between its version and Avast's version that led to a corrupted cert database.

Some quick questions

Arathorn — Fri, 22 Feb 2019 23:15:41 +0000

just to clarify on answer 2: identity servers simply map 3PIDs (e.g. email addresses) to MXIDs. They do not provide a directory service; homeservers provide this instead. The only exception is if the identity server implementation gutwrenchs into the rest of the protocol to override directory lookup APIs which would otherwise be provided by the homeserver.

Some quick questions

Arathorn — Fri, 22 Feb 2019 23:13:54 +0000

These are excellent questions.

1. Migration is currently a matter of using a script or other tool to invite your new account to all the rooms your old account was in, and then (optionally) parting the old account. It's a bit like migrating between IMAP servers, and generally cumbersome and suboptimal. We're trying to replace it by decentralising user IDs, so that user accounts can span multiple servers, at which point we get migration for free. This is https://github.com/matrix-org/matrix-doc/issues/1228.

2. There isn't a global user directory. Directories are instead done per homeserver, and search all users you share with a room with (or are present in public rooms existent on that server). In practice tends to work relatively well, though, as on a busy homeserver, many of the users you want to find will already be hanging out in public rooms (a bit like on IRC).

3. You have to run a TURN server, but we provide easy instructions for how to do so, and most of the docker or ansible setups automate this: https://github.com/matrix-org/synapse/blob/master/docs/tu.... We don't have the same problems that Jami has due to the thinclient nature. Even when we go fully P2P this shouldn't be a problem, given TURN & ICE is pretty straightforward (mainly due to pre-Matrix us being a VoIP stack shop...)

France enters the Matrix

Arathorn — Fri, 22 Feb 2019 23:10:00 +0000

Well, the last half of the talk in the OP is discussing how we've implemented ZRTP-style verification for E2E, so that even if the servers can't be trusted, you still have trust through to the end parties you're talking to. So yes, we'd prefer not to be moving to conventional CAs, it's probably for the greater good right now (as fun as it'd be to be burning time reinventing CAs rather than building Matrix).

Some quick questions

wiml — Fri, 22 Feb 2019 22:08:45 +0000

1: My understanding is that, no, a user account is tied to a homeserver, much like an email address is tied to an email provider; there are plans to make it possible to move or share user ids at some point in the future.

Rooms, on the other hand, are IRC-like in that they aren't associated with any specific server but exist on all servers which have a participant.

2: That's handled by "identity providers" which are sort of outside the core Matrix protocol, and provide a mapping from third-party identifiers (email addresses, phone numbers, personal names, or other identifiers) to matrix user IDs. I don't know what the state of play is for those, really. They exist and have client integration but I think the system is still more of a usability hack than a polished design.

Some quick questions

callegar — Thu, 21 Feb 2019 08:56:32 +0000

- Does the matrix allow users to migrate from one homeserver to another? The problem with decentralized services is that often you cannot know well all the decentralized service providers to immediately make the best choice among them. Furthermore, their lasting through time may not be guaranteed.

- Does the matrix allow you to search users globally? I really think that one of the reasons for the success of things like skype or facebook is the fact that you can rapidly build your own network of people to communicate with by searching them (with them only accepting being searched). Without global searches, someone must first tell you how to find him/her.

- Do you need to configure the connection to a turn server in order to be able to use it from natted connections or is nat traversal autoconfigured (as it is in skype, whatsapp, etc)? For instance, one of the issues with ring/jami is that (at least in my experience) it cannot be used reliably on machines that are moving around like laptops/mobile phones as way to often you get an internet connection from which the application stops working.

France enters the Matrix

donbarry — Thu, 21 Feb 2019 03:38:12 +0000

Is anyone else increasingly uncomfortable with the "we'll solve the certificate problem by deferring to centralized registrars that surely keep their keys private from state actors."

I mean, this is potentially not a risk if there is a recognizable way of communicating low-bandwidth fingerprints of the next encryption level, like ZRTP verification on voice. But note how WebRTC has done the same thing? And efforts to solve the problem are talked about and then, somehow, nothing ever happens with the standards.

It's enough to drive one paranoid.

France enters the Matrix

smitty_one_each — Sat, 16 Feb 2019 15:10:15 +0000

That was pretty much what I wanted to know. Thanks!

France enters the Matrix

Arathorn — Fri, 15 Feb 2019 22:17:31 +0000

Mastodon is a particular client for the ActivityPub protocol. Matrix is a protocol in its own right. Mastodon gives you a twitter-like interface; most Matrix clients give you a Slack- or Discord-like interface. You could bridge between them though :)

France enters the Matrix

rahvin — Fri, 15 Feb 2019 19:39:34 +0000

Isn't that exactly what's described in the article? Matrix gives the AV scanner the decryption key for that single attachment only, not for the session, not for the conversation and not for the user.

France enters the Matrix

gebi — Fri, 15 Feb 2019 14:47:20 +0000

> * If the attachment is PGP encrypted, then the MUA has to hand the scanner the encrypted keys to that particular attachment so that the scanner can do its job.

It would be awesome if it would support to give out just the ephemeral keys for this particular attachment and not just sending the keys of the user.

France enters the Matrix

smitty_one_each — Thu, 14 Feb 2019 14:47:38 +0000

How (if at all) would Matrix relate to Mastadon?

I have thought of moving away from the Usual Social Media toward something freer, but haven't made the leap yet.

France enters the Matrix

nim-nim — Wed, 13 Feb 2019 13:18:38 +0000

And to avoid singling out Chromium devs

https://news.slashdot.org/story/19/02/04/1430259/mozilla-...

Browsers will fight to the death to protect website interests (advertising flows), but do not care about protecting user interests, and define mechanisms that let users deploy whatever protection engine they choose. And we all know the Internet is such a safe place and websites can be trusted not to push any malware user-side.

France enters the Matrix

nim-nim — Tue, 12 Feb 2019 19:18:45 +0000

Middleboxes work that way due to client design choices.

It would have been trivial to add a signature layer to https (much easier than the changes in http/2 or 3) to make sure content could not be tampered with, just blocked if the scanning detected evil things.

It would also have been trivial to separate cleanly the certificate used by the middlebox, from the certificate of the original website (after all as soon as you relay signatures, you can check securely those signatures have been generated by the private key of the original website, you do not need the same cert on the middlebox).

But, none of it can happen without client cooperation, and browser people hate anything that can filter what cloud giants intend to feed to users. So they've been quietly making sure the only setup they support is impersonating websites via certificate hijacking, while complaining publicly middleboxes are terminally broken.

Lately they've started interfering with filtering extensions that run within the browser
https://bugs.chromium.org/p/chromium/issues/detail?id=896...

France enters the Matrix

nybble41 — Tue, 12 Feb 2019 16:22:06 +0000

> That's pretty much a direct port of the AV mechanisms smtp servers and web proxies use .... Replace "Matrix" with proxy or "middlebox" and you'd have the usual people complaining it is an architectural mistake and scanning should be done by endpoints.

The problem with middleboxes has nothing to do with the way they communicate with AV services. Why not reuse that interface?

The main problem with MitM proxies—even when done "properly", with a private CA root certificate installed on the endpoints—is that it defeats all the security measures built in to the clients by replacing the original server's credentials with fake credentials generated by the proxy. The MitM proxy is also in a position to tamper with the content, not just passively observe the traffic and block content that triggers the filter. This could be done better if the client and the proxy worked together (share ephemeral decryption keys with a trusted and authenticated proxy but still require end-to-end encryption and authentication) but so far no one has implemented that.

The Matrix system does not suffer from these flaws since it only shares the files themselves with the scanning service. The service can't impersonate arbitrary clients or modify file content, and it can't see anything other than the files to be scanned.

France enters the Matrix

Arathorn — Tue, 12 Feb 2019 16:06:05 +0000

Yes, the AV scanner is backed by ICAP, which is the standard built for scanning contents in web proxies etc.

However, the novelty here is that unlike HTTP or SMTP, the scanning is done in a manner that works in an E2E-encrypted-by-default network. I guess the equivalent for email would be:

* Have your MTA strip off attachments and store them in IMAP or some other content repository
* Refuse to let MUAs access those attachments other than by proxying them through an AV scanner
* If the attachment is PGP encrypted, then the MUA has to hand the scanner the encrypted keys to that particular attachment so that the scanner can do its job.
* The scanner runs entirely operationally isolated from the MTA.

As far as I know, nobody has ever built such a system for email, probably because E2E encryption is far from commonplace on email, and doesn't lend itself to scanning specific attachments (given PGP acts on the whole envelope, rather than each attachment being separately encrypted).

It's worth noting that whilst we're going to spec the API for doing this dance (i.e. formalise the stuff in https://github.com/matrix-org/matrix-content-scanner#api and add it to the matrix spec), this API will of course categorically *not* be compsulsory. It's just providing a hook for content scanning for those users (e.g. France) for whom it's a requirement, such that Matrix clients can perform such scanning in a consistent way.

It's an interesting debate as to whether this should be a network service in the first place, or performed clientside - for France, they have so many different AV services and requirements in play that limiting themselves only to clientside scanning is a no-starter.

France enters the Matrix

nim-nim — Tue, 12 Feb 2019 15:20:54 +0000

That's pretty much a direct port of the AV mechanisms smtp servers and web proxies use (in fact I'd be really surprised, if the AV function was not performed by systems initially designed for use with http(s) proxies).

Replace "Matrix" with proxy or "middlebox" and you'd have the usual people complaining it is an architectural mistake and scanning should be done by endpoints.

France enters the Matrix

Cyberax — Tue, 12 Feb 2019 10:15:31 +0000

https://en.wikipedia.org/wiki/Freedom_of_information_laws... ?

Commercial companies often also have to retain communications to comply with various legal requirements. Slack (that was mentioned in TFA) has support for it.

France enters the Matrix

corsac — Tue, 12 Feb 2019 10:06:11 +0000

Can you point us to the laws you're referring to? I heard about such laws for the US, but I'm unsure about France.

France enters the Matrix

Arathorn — Mon, 11 Feb 2019 21:00:58 +0000

Tom: many thanks for the comprehensive write-up! :)

In case anyone reading this feels interested in checking out Matrix, please be sure to check out https://riot.im/develop rather than https://riot.im/app. https://riot.im/develop is the next generation of the flagship Riot matrix client which I demoed during the talk - we're planning on releasing it as Riot 1.0 on Thurs Feb 14, so it's nearly ready to go, and hopefully gives a much better idea of the direction things are headed than the old app.

France enters the Matrix

Arathorn — Mon, 11 Feb 2019 20:55:15 +0000

Matrix is effectively a conversation archive in its own right, so no bot is needed to store the messages themselves. In terms of handling freedom-of-information requests for E2E messages: this is an open question currently, given it would of course undermine the E2E encryption. IANAL, but perhaps one solution could be to legally obligate the user to surrender their keys in the face of a FOIA req? Or perhaps if the user archives their history (e.g. for search purposes) somewhere on a trusted device (e.g. a desktop client), this could be be used to service FOIA reqs. But afaik there isn't a conclusion yet on how to address this, and I haven't been involved any discussions about it. (Context: I gave the talk in the article)

France enters the Matrix

Cyberax — Mon, 11 Feb 2019 20:41:28 +0000

How do they deal with message retention mandated by laws? Do they add a logging bot to each conversation?

France enters the Matrix

philipstorry — Mon, 11 Feb 2019 20:04:51 +0000

I like the solution to AV requirements. Enterprises have very different priorities to the ones that security and privacy folks have - and I can't say that any side is absolutely right.
That solution seems like an elegant and reasonable way of doing it.