@IzzyOnDroid @cstross yeah... Unfortunately the DMA...

IzzyOnDroid's posts Post Back to profile

@cstross yeah... Unfortunately the DMA still doesn't have an answer about how they're magically going to make e2ee work across platforms. This is gonna be a bit messy

Like 11 Aug 2023 at 17:15 | Wall-to-wall | Open on infosec.exchange

5 comments

Dawid Rejowski

@dymaxion @IzzyOnDroid @cstross

Using the same encryption protocol (like MLS, just standardized by IETF) or client-side bridging.

11 Aug 2023 at 18:25 | Open on 101010.pl

Eleanor Saitta

@didek
If they use the same protocol, you end up with both lowest common denominator security and making it largely impossible to add features — and that's assuming interop even works. Client side bridging requires that every client implement every protocol, yielding the superset of vulnerabilities — and that's before we start dealing with how you present so many different sets of features in the UI in usable ways. Then we get to talk about how anti-spam is going to work in an ecosystem like this, not to mention impersonation, etc.
@IzzyOnDroid @cstross

Expand text...

11 Aug 2023 at 19:26 | Open on infosec.exchange

Dawid Rejowski

@dymaxion @IzzyOnDroid @cstross

I can recommend to watch ideas how to deal with that on the DMA panel that Matrix(.org) uploaded recording of: https://www.youtube.com/watch?v=FDnUJXzVn3s

Of course it's going to be hard job.

11 Aug 2023 at 22:30 | Open on 101010.pl

Eleanor Saitta

@didek
Do they have it in not-video?
@IzzyOnDroid @cstross

12 Aug 2023 at 6:03 | Open on infosec.exchange

IzzyOnDroid ✅

@dymaxion Will certainly be something like with ChatControl: not breaking or weakening the encryption while still being able to read the contents 🙊 💨

11 Aug 2023 at 18:40 | Open on floss.social