search

element-hq / dendrite

Dendrite is a second-generation Matrix homeserver written in Go!
https://element-hq.github.io/dendrite/
GNU Affero General Public License v3.0
33 stars 5 forks source link

Option to disable encryption for local DMs #3351

Closed matrixbot closed 2 weeks ago

matrixbot commented 2 weeks ago

This issue was originally created by @alex9434 at https://github.com/matrix-org/dendrite/issues/3351.

Description:

I suggest to enable a setting in dendrite.yaml to have all DMs between users on the local server unencrypted by default. DMs to users on other servers should be encrypted by default.

Rationale: Chats between local users are only stored on the local server and therefore can be protected on the server level. Encryption adds unnecessary overhead (e.g. using multiple devices) and also makes it impossible to audit/document chats for companies.

matrixbot commented 2 weeks ago

This comment was originally posted by @S7evinK at https://github.com/matrix-org/dendrite/issues/3351#issuecomment-2035431484.

This is more about the client sending the create event. Dendrite doesn't choose to encrypt or not.

Disabling E2EE while the UI shows that it's going to be an encrypted chat feels wrong.

matrixbot commented 2 weeks ago

This comment was originally posted by @alex9434 at https://github.com/matrix-org/dendrite/issues/3351#issuecomment-2035999174.

My assumption was that Dendrite would be the best to understand whether this the DM is created between two local users. The client might not know whether the user is local or via federation. My proposal would not be to show in the UI the chat is encrypted while in reality it is not. Instead I suggest a configuration setting (e.g. overwrite encryption request for local DMs) that converts a request from a client to create an unencrypted DM if both users are local on the server. The client would then show that the DM is unencrypted.

matrixbot commented 2 weeks ago

This comment was originally posted by @0x00cl at https://github.com/matrix-org/dendrite/issues/3351#issuecomment-2067769989.

This doesn't make much sense. End-to-end encryption makes sure only the sender and the reciever can write/read messages. So not even your homeserver should read/modify your messages. That isn't unnecessary overhead.

Also from my understanding this is not a server related option.

matrixbot commented 2 weeks ago

This comment was originally posted by @S7evinK at https://github.com/matrix-org/dendrite/issues/3351#issuecomment-2366803732.

Sorry, but this is something we'll not implement.