-
Notifications
You must be signed in to change notification settings - Fork 370
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC3963: Oblivious Matrix over HTTPS #3963
Open
ghost-amnesiac
wants to merge
15
commits into
matrix-org:main
Choose a base branch
from
ghost-amnesiac:oblivious-moh
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Strong, extensible, and minimal configuration user anonymization through diversity of the Matrix homeserver federation. Proudly written in nano. From: shadesys <@shadesys:matrix.org> Signed-off-by: shadesys <@shadesys:matrix.org> Co-developed-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com> Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
+ Added "API Endpoint Whitelisting/Blacklisting" + Added "Extensions: 'Hidden Service' Homeservers" + Added "Extensions: Store And Forward" * Miscellaneous corrections * Fixed non-standard Markdown tables From: shadesys <@shadesys:matrix.org> Signed-off-by: shadesys <@shadesys:matrix.org> Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
* More minor corrections for formatting issues that slipped through Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
* Fixed incomplete bit in "Rotating Ephemeral Public Key". Hopefully this is the last correction before reviews Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
+ Specified /incoming response Content-Type + Add encryption scheme payload sanity check * Moved /relay "200 Response (Plaintext)" to /incoming * Reduced encryption scheme padding range from 40-FF to 10-40 to minimize message overhead * Increased encryption scheme header L parameter size from 8 to 10 bytes so that users can upload more than 16 megabytes at once (now 1 gigabyte) * All hexadecimal values should now be proper hex values * Minor corrections Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
* Finally renamed the file from 3957 to 3963, sorry about any confusion that may have caused * Disambiguate language in threat models, encryption scheme, and tidbits about base64 + Added encryption padding spec + Added base64 encoding overhead to DPI Fingerprinting Resistance From: shadesys <@shadesys:matrix.org> Signed-off-by: shadesys <@shadesys:matrix.org> Co-developed-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com> Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
46297d7
to
ea747ed
Compare
There might be some additional security nuances associated with using RSA without DHKE, specifically surrounding how to pad the RSA-encrypted header to protect against chosen plaintext attacks (since standard RSA doesn't use an IV). MSC3963 is going back to draft status until we can look into them further. |
richvdh
reviewed
Mar 3, 2023
+ Added "On P2P Matrix / Pinecone" * Fully refactored encryption scheme header standard to reduce size overhead * Placeholder API version changed from "r0" to "v1" * Minor formatting corrections From: shadesys <@shadesys:matrix.org> Signed-off-by: shadesys <@shadesys:matrix.org> Co-developed-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com> Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com>
4c65e5d
to
aab8cd1
Compare
9c11ac0
to
d0b7e3f
Compare
From: shadesys <@shadesys:matrix.org> Signed-off-by: shadesys <@shadesys:matrix.org> Signed-off-by: ghost-amnesiac <123417798+ghost-amnesiac@users.noreply.github.com> * Committing some old, backed-up updates to the "Proposal" usage flow. It should now properly use the new encryption scheme and no longer contradict itself in various places due to bits that remained from when the encryption scheme was centered around the remote HS TLS cert. * Minor language tweaks
d0b7e3f
to
d4894e3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
client-server
Client-Server API
kind:feature
MSC for not-core and not-maintenance stuff
needs-implementation
This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP.
proposal
A matrix spec change proposal
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Strong, extensible, and minimal configuration user anonymization through diversity of the Matrix homeserver federation.
From: shadesys <@shadesys:matrix.org>
Signed-off-by: shadesys <@shadesys:matrix.org>
Co-developed-by: ghost-amnesiac 123417798+ghost-amnesiac@users.noreply.github.com
Signed-off-by: ghost-amnesiac 123417798+ghost-amnesiac@users.noreply.github.com
Rendered