Open joepie91 opened 3 years ago
Run homeserver that requires E2EE for private rooms
Not required per se, but encryption_enabled_by_default_for_room_type: invite
(as opposed to off
).
Run homeserver that requires E2EE for private rooms
Not required per se, but
encryption_enabled_by_default_for_room_type: invite
(as opposed tooff
).
This setting isn't actually used by Synapse, it just gets passed through to the clients in the /versions
response. If this is the setting that causes an issue, it sounds like a client bug to me.
Actually, we do use those config options when generating a room, so the ball may in fact be in Synapse's court:
The default value is off
, but when set to invite
will indeed end up generating an encrypted room due to explicitly using PRIVATE_CHAT
as a preset: https://github.com/matrix-org/synapse/blob/9dde9c9f01ff8ed4c60314f10d97261739ea0547/synapse/handlers/room.py#L435-L445
We note that the preset setting is quite arbitrary, as we'll overlay the state from the previous room. We could solve this specific case by switching the preset from PRIVATE to PUBLIC, though I think a better solution would just be to create a room without any state other than the bare minimum - then overlay the old room's relevant state on top.
That would be a better solution for upgrades. However having looked at this a bit more since posting my first reply, this is clearly a bug that affects more than just room upgrades. Creating any sort of private room in Element with this setting set to to invite
creates a room with E2EE enabled, even if Encryption is specifically switched off in the room creation dialog in Element. This is not the behavior I'd expect from a setting that just sets a "default", at least. Is that a separate issue?
@jonaharagon Hrm, you're right. Clients can only indicate that they want encryption by sending m.room.encryption
as part of the initial state during /createRoom
. They can't currently explicitly indicate that they don't want encryption.
Turning this option on will add a m.room.encryption
state event to the room if one is not already present. That is effectively forcing it on, and you're right in that the option's name and description don't currently reflect that. It sounds like the branding of it needs to be changed a bit, and that would be a separate issue yes.
Since Issue https://github.com/matrix-org/synapse/issues/14719 was determined to be a duplicate of this issue, I am proposing that the /upgraderoom
command have a flag to keep a room in its current state of un-Encrypted after it is upgraded when this is the desired result of upgrading an un-Encrypted room.
Also this issue might need a title revision as public & private rooms can BOTH be E2EE.
Description
(Note: I'm filing this issue on behalf of someone else, who can't currently file issues, so I don't have direct access to the homeserver in question.)
When Synapse is configured to require E2EE for private rooms, then when a public room is upgraded through that homeserver, it is erroneously marked as end-to-end encrypted. According to TravisR:
Automatically enabling E2EE for the upgraded room should only occur for private rooms, instead.
Steps to reproduce
/upgraderoom 6
in Element Web/DesktopVersion information
If not matrix.org:
Version: unknown
Install method: unknown
Platform: unknown