New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to only send encrypted messages to verified devices #2313

Closed
richvdh opened this Issue Sep 20, 2016 · 5 comments

Comments

Projects
None yet
4 participants
@richvdh
Member

richvdh commented Sep 20, 2016

Probably at the per-room level. Shared across all users, or per-user?

@vext01

This comment has been minimized.

Show comment
Hide comment
@vext01

vext01 Nov 25, 2016

We've just discussed this very issue.

It worries me that an unverified party can silently intercept encrypted messages undetected.

vext01 commented Nov 25, 2016

We've just discussed this very issue.

It worries me that an unverified party can silently intercept encrypted messages undetected.

@vext01

This comment has been minimized.

Show comment
Hide comment
@vext01

vext01 Nov 25, 2016

And this is not a bug unique to vector-web

vext01 commented Nov 25, 2016

And this is not a bug unique to vector-web

@ArdaXi

This comment has been minimized.

Show comment
Hide comment
@ArdaXi

ArdaXi Nov 25, 2016

I would suggest having this per-user. Primarily because it empowers the user to increase security for their own messages without having to have the necessary room privileges.

Would be nice if this were supported for the entire room as well, but that's a Matrix spec issue too.

ArdaXi commented Nov 25, 2016

I would suggest having this per-user. Primarily because it empowers the user to increase security for their own messages without having to have the necessary room privileges.

Would be nice if this were supported for the entire room as well, but that's a Matrix spec issue too.

@ara4n

This comment has been minimized.

Show comment
Hide comment
@ara4n

ara4n Dec 22, 2016

Member

Just to confirm: this is very much on our radar, but we're also having to juggle all other issues coughed up by the beta - i.e. the Unknown Inbound Session ID bugs, verifying devices, and giving folks the ability to backup & restore E2E state. It will be coming RSN, and yes, it does pose a serious issue (as do the others).

Member

ara4n commented Dec 22, 2016

Just to confirm: this is very much on our radar, but we're also having to juggle all other issues coughed up by the beta - i.e. the Unknown Inbound Session ID bugs, verifying devices, and giving folks the ability to backup & restore E2E state. It will be coming RSN, and yes, it does pose a serious issue (as do the others).

@ara4n

This comment has been minimized.

Show comment
Hide comment
@ara4n

ara4n Feb 8, 2017

Member

i did this.

Member

ara4n commented Feb 8, 2017

i did this.

@ara4n ara4n closed this Feb 8, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment