Open weeman1337 opened 4 years ago
For those who want to make a PR, the server on https://github.com/ortuman/jackal has support for this, you can probably reuse code from there.
OMEMO is always good (tm) but there are always caveats with it, especially if you are using multiple clients.
But @weeman1337 do you really think it makes much difference to use OMEMO only until it reaches Matterbridge and then transport everything to an unencrypted IRC/Slack etc? Obviously there can not be true e2ee with a bridge unless you use pure client side encryption like OTR or PGP.
> But @weeman1337 do you really think it makes much difference to use OMEMO only until it reaches Matterbridge and then transport everything to an unencrypted IRC/Slack etc?
From my side it really makes sense. At the moment I cannot use matterbridge. My goal is to connect a Matrix Channel and an XMPP MUC. If both support encryption it is okay for me.
Sure, in the case that someone adds something like IRC to the bridge the encryption is more or less pointless.
But the OLM encryption of Matrix and OMEMO in XMPP are incompatible. Thus it would have to be decrypted on the Matterbridge server and converted. Thus it would falsely claim the text to be end to end encrypted, while in reality the Matterbridge admin could read every message in clear text.
There would be the slight advantage that the xmpp server and the matrix server could in theory not intercept the messages, so if you only run your own Matterbridge but depend on 3rd party chat servers this would make things better for you (only).
How likely is it for the matterbridge admin to be a third party who is not in the room/MUC while the room/MUC has to be added in the config file?
I don't see Matterbridge decrypting messages on a remote server as that much different from someone running Profanity on a remote server, and assuming fingerprints were properly verified, the messages are protected from the server administrators.
> But the OLM encryption of Matrix and OMEMO in XMPP are incompatible. Thus it would have to be decrypted on the Matterbridge server and converted. Thus it would falsely claim the text to be end to end encrypted, while in reality the Matterbridge admin could read every message in clear text.
Correct. I am aware of the fact that the message has to be decrypted and encrypted again on the Matterbridge. But this is better than having nothing. Assuming that I am running the Matterbridge on a trusted system.
> But the OLM encryption of Matrix and OMEMO in XMPP are incompatible.
Pantalaimon exists for this use case. I have a similar need as @weeman1337: I have an encrypted matrix room and an OMEMO-encrypted xmpp room I would like to bridge. I think an omemo proxy might work but I don't know of any.
This XMPP library could be helpful to add omemo support: https://github.com/mellium/xmpp (original repository: https://codeberg.org/mellium/xmpp). Mellium will receive omemo support: https://nlnet.nl/project/Mellium/. It could be very interesting to start implementing this library.
I would like to have the messages from/to xmpp to be encrypted.
Describe the solution you'd like:
Optional OMEMO support that can be enabled via the config.