E2EE clarifications in the aftermath of the 2022-09-28 disclosure

[dkasak]

In the aftermath of https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients, we should make some spec clarifications so that it's harder for a new implementer to repeat the same mistakes. Listing some random ones I've thought of, feel free to edit more in.

• Specify explicitly that all encrypted to-device messages must be encrypted with Olm, not Megolm.

  • Specify mitigations against SAS attack. Namely that

    • An implementation should fix the list of keys it's attempting to verify at the beginning of the operation.
    • The implementation should from that point on refer to those keys solely by citing the public keys themselves, not by their "key IDs".
    • The implementation should first check whether a given key ID is a MSK (referring to a cross-signing user identity), and only then check whether it matches a device.

  • Specify that secrets should only be accepted from your own, trusted devices.

    • Note explicitly that when receiving a secret in an (Olm-encrypted) to-device message, the receiver must check that the device key of the other side of the Olm session ("sender key") matches an own, trusted device.

      It's not enough to check the device ID.

  • Specify what it means for a device to be trusted (i.e. it's when it's verified using cross-signing. Is it anything else?)