synapse
Store E2EE Keys without an additional password
This issue has been migrated from #12386.
E2EE seems to be the way forward, which I consider to be a good thing.
But not all users (or all use-cases) are paranoid about E2EE. There are some issues open to disable E2EE enforcement or at least nudging on homeservers (e.g. https://github.com/matrix-org/synapse/issues/4367, https://github.com/matrix-org/synapse/issues/4551, https://github.com/matrix-org/synapse/issues/4401).
Matrix seems to get a lot of traction in Corporate Environments (or similar environments like universities, schools, kindergarten) where e2ee is considered to be important but usability is considered a key factor as well. Having the possibility to use e2ee and not disable it and still be able to participate in a federated environment (even with a warning) could be beneficial to such considerations and generally help the push towards e2e.
A solution would be to enable the possibility to use the Key Storage without an additional password. Just store it. Maybe even warning the user that this might pose a security risk to store it without encryption. It might even be worth considering differentiating between "highly secure" and "secure" conversations according to the way users have chosen to store their e2ee keys.
The option should be made available. Onboarding and training procedures for larger user numbers, 10k+, are almost impossible. The hurdles and issues of messages becoming unavailable in case of loss or "unintentional" resets are enormous. The habit of having all messages available on all devices without logging in greatly impedes a secure process, to the point where acceptance approaches zero. If Matrix is to spread, certain mechanisms must temporarily be optional for the sake of user-friendliness.
> Matrix seems to get a lot of traction in Corporate Environments
I wanted a quick communication tool for the company I work at (family business, more or less), and suggested Matrix/Element. While it's great, the constant key and E2EE nagging gets on the nerves. For the Desktop app I could simply recompile it with these features disabled, but doing the same for Android and even more iOS is a chore for something that maybe I and 3 other people will use. I hope such things can be made optional in future releases.
We are stuck with the same problem here. It is all great, but the usability problem is really tough.
We are currently doing authentication to the system via Keycloak OIDC, and while I second the requirements above, it would also be great to extend the initial "verify device" (as depicted below in the German version)
with an option such that authentication via oidc simply suffices to decrypt the e2ee key.
I have the same issue. In a small home or corporate environment, E2EE will be error-prone for users and possibly not required. Having a configuration option to allow for providing the (decrypted) E2EE key (stored on server) with OIDC or the like, OR disabling E2EE would be a huge benefit. While I understand the implications that this eliminates E2EE, it may not be wanted in all environments/setups.