Closed BillCarsonFr closed 1 month ago
I just saw that you made this issue. I've already done some of this as part of https://github.com/element-hq/crypto-internal/issues/362. https://github.com/matrix-org/matrix-js-sdk/pull/4407 is the js-sdk part, which defines a crypto mode. Then in the React SDK, I have added a new setting:
    "feature_invisible_crypto": {
        isFeature: true,
        labsGroup: LabGroup.Encryption,
        controller: new InvisibleCryptoController(),
        displayName: _td("labs|invisible_crypto"),
        supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS_WITH_CONFIG_PRIORITISED,
        supportedLevelsAreOrdered: true,
        default: false,
    },

(where InvisibleCryptoController sets the crypto mode in the JS SDK). I'm not sure if we just need a flag for turning on invisible crypto, or if we need to select between legacy, transition mode, or invisible crypto.
Suspect we need at least a couple of different settings here, since some deployments want to be quite aggressive with the rollout (they are happy to assume that all devices are signed), whilst others want to experiment with the new features whilst still remaining compatible with the ecosystem.
For the record: this seems incorrect, at least at the EW level. We think that the things that were proposed for "transition mode" can be introduced without the need for a separate switch.
https://github.com/element-hq/matrix-react-sdk/pull/50 https://github.com/element-hq/matrix-react-sdk/pull/92 is doing the work to add this to the react sdk.
Part of Invisible Crypto.
For element-web, we want a setting in config.json to enable the new key distribution mode.
This setting should be OFF, by default.
This setting controls how end-to-end encryption (E2E) keys are shared. Enabling it will prevent the inclusion of devices that have not been explicitly verified by their owners.
See IdentityBasedStrategy. Can be configured via the EncryptionSettings structure, see here: https://github.com/matrix-org/matrix-js-sdk/blob/60cedf2fdbe22951389e55c7e766785137a19d8c/src/rust-crypto/RoomEncryptor.ts#L237
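The behaviour requested above can be modelled as follows. This is an added example, not code from this issue, element-web or matrix-js-sdk. It shows a config flag that stays off unless explicitly set to `true`, and the effect of the identity-based mode on which devices receive room keys. The config key `exclude_unsigned_devices`, the types and the function names are all hypothetical, and the device list is constructed.

```typescript
// Simplified model only: none of these names are real element-web or
// matrix-js-sdk identifiers.
type SharingStrategy = "all-devices" | "identity-based";

interface Device {
    userId: string;
    deviceId: string;
    // true when the owning user has signed (verified) this device
    signedByOwner: boolean;
}

interface SharePlan {
    recipients: Device[];
    withheld: Device[];
}

// Hypothetical config.json key; the issue does not name the real one.
const CONFIG_KEY = "exclude_unsigned_devices";

// OFF by default: a missing key, or any value other than the boolean
// `true` (for example the string "true"), keeps the legacy behaviour.
function strategyFromConfig(config: Record<string, unknown>): SharingStrategy {
    return config[CONFIG_KEY] === true ? "identity-based" : "all-devices";
}

// Split the room's devices into those that get the room key and those
// that are left out under the selected strategy.
function planKeyShare(devices: Device[], strategy: SharingStrategy): SharePlan {
    const plan: SharePlan = { recipients: [], withheld: [] };
    for (const device of devices) {
        const include = strategy === "all-devices" || device.signedByOwner;
        (include ? plan.recipients : plan.withheld).push(device);
    }
    return plan;
}

// Constructed sample: Alice has an old laptop she never verified.
const SAMPLE_DEVICES: Device[] = [
    { userId: "@alice:example.org", deviceId: "ALICEPHONE", signedByOwner: true },
    { userId: "@alice:example.org", deviceId: "OLDLAPTOP", signedByOwner: false },
    { userId: "@bob:example.org", deviceId: "BOBWEB", signedByOwner: true },
];

// Device IDs that would not receive the key for a given config object.
function withheldIds(config: Record<string, unknown>): string[] {
    return planKeyShare(SAMPLE_DEVICES, strategyFromConfig(config))
        .withheld.map((d) => d.deviceId);
}
```
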