Skip to content
This repository was archived by the owner on Sep 11, 2024. It is now read-only.

Hide algorithm from the message about turning on encryption#3813

Closed
aaronraimist wants to merge 2 commits into
matrix-org:developfrom
aaronraimist:hide-enc-algo
Closed

Hide algorithm from the message about turning on encryption#3813
aaronraimist wants to merge 2 commits into
matrix-org:developfrom
aaronraimist:hide-enc-algo

Conversation

@aaronraimist

Copy link
Copy Markdown
Contributor

Fixes element-hq/element-web#8829

Before:
Screen Shot 2020-01-07 at 11 34 40 AM

After:
Screen Shot 2020-01-07 at 11 34 54 AM

Signed-off-by: Aaron Raimist <aaron@raim.ist>
Signed-off-by: Aaron Raimist <aaron@raim.ist>

@turt2live turt2live left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code lgtm, just double checking with product (and CI)

@nadonomy

nadonomy commented Jan 7, 2020

Copy link
Copy Markdown
Contributor

Also LGTM! :)

@ara4n

ara4n commented Jan 7, 2020

Copy link
Copy Markdown
Member

might be worth keeping the info around somewhere though (perhaps hidden behind a <details/>)?
what happens if someone sends an m.room.encryption with an unrecognised algorithm? we don't want to claim the room is encrypted if the client then can't actually encrypt for that algorithm.

@uhoreg

uhoreg commented Jan 7, 2020

Copy link
Copy Markdown
Member

I think the information should still be available in the "View Source" for the event, for those who care about it?

@aaronraimist

Copy link
Copy Markdown
Contributor Author

Would need matrix-org/matrix-spec-proposals#2184

@nadonomy

nadonomy commented Jan 7, 2020

Copy link
Copy Markdown
Contributor

I think the information should still be available in the "View Source" for the event, for those who care about it?

This seems reasonable. Is it tractable for us to also display the encryption algorithm being used in Room Settings?

@turt2live

Copy link
Copy Markdown
Member

(shouldn't need spec support - we can render whatever we want)

@aaronraimist

aaronraimist commented Jan 7, 2020

Copy link
Copy Markdown
Contributor Author

what happens if someone sends an m.room.encryption with an unrecognised algorithm? we don't want to claim the room is encrypted if the client then can't actually encrypt for that algorithm.

This would be something for another issue. This problem already exists.
Screen Shot 2020-01-07 at 11 57 11 AM

The room appears to be encrypted (shows icons and stuff) but doesn't let me send anything.

@uhoreg

uhoreg commented Jan 7, 2020

Copy link
Copy Markdown
Member

I think that for the average end-user, just removing the algorithm is no worse than what we have security-wise, since they don't know what algorithm is right. We should probably have another issue for displaying an error message for when the algorithm is something we don't understand. The room decoration should probably also be something that reflects that we don't understand the encryption algorithm (maybe the same decoration as an unencrypted room?).

So my vote would be to merge this as-is, and create new issues for dealing with unknown algorithms.

@turt2live

Copy link
Copy Markdown
Member

This is blocked on design/product oversight to settle the <details> or no <details> argument.

@jryans jryans requested a review from nadonomy January 16, 2020 11:16
@jryans

jryans commented Jan 16, 2020

Copy link
Copy Markdown
Collaborator

This is blocked on design/product oversight to settle the <details> or no <details> argument.

I've requested @nadonomy's review in hopes of getting a decision on this.

@jryans jryans removed the request for review from nadonomy January 16, 2020 17:58
@jryans

jryans commented Jan 16, 2020

Copy link
Copy Markdown
Collaborator

While chatting more with @ara4n, he would like to have some kind of handling of unknown algorithms at the same time as the propose hiding here. I think he came up with a decent approach:

  • When the algorithm is the one we expect (m.megolm.v1.aes-sha2), hide the algorithm as in this existing PR: %(senderName)s turned on end-to-end encryption.
  • For anything else, show the algorithm as unrecognised: %(senderName)s turned on end-to-end encryption (unrecognised algorithm %(algorithm)s).

@aaronraimist, could you update the PR to that, if it seems reasonable to you as well?

@jryans jryans removed the blocked label Jan 16, 2020
@jryans

jryans commented Jan 24, 2020

Copy link
Copy Markdown
Collaborator

@aaronraimist, thanks again for working on this! We've decided we want to have this resolved for FOSDEM, so I've opened #3936 with the approach mentioned above. Sorry for the delay in reaching as decision here.

@jryans jryans closed this Jan 24, 2020
@aaronraimist aaronraimist deleted the hide-enc-algo branch March 15, 2020 19:21
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Can we hide the algo used when turning on encryption

6 participants