Comments (7)
Duplicate of #975
from matrix-spec.
Knowingly opening duplicates of an issue is not a good way of persuading people to your cause. Honestly, it just makes you look like a spammer.
I do not think this issue is a duplicate, as it is about discussing the importance of PQC in Matrix, unlike #975 which is discussing how to adopt PQC in Matrix after it will be tackled. In my opinion, how important a given thing is is not the same thing as how to do that given thing.
Knowingly opening duplicates of an issue is not a good way of persuading people to your cause. Honestly, it just makes you look like a spammer. -- @richvdh (#1868 (comment))
This issue is meant to be about whether this is actually a problem, and if it is, then it's supposed to be actionable on the urgency and management of issues like #975 to address the problem rather than the problem itself; I adjusted the wording to make this more understandable.
I don't think it's a controversial stance to expect the importance of an issue to be discussed on that issue, rather than opening a completely separate issue. Otherwise we might as well have two copies of every issue in our tracker.
I don't think it's a controversial stance to expect the importance of an issue to be discussed on that issue, rather than opening a completely separate issue. Otherwise we might as well have two copies of every issue in our tracker. -- @richvdh (#1868 (comment))
The problem of Post-Quantum Safety ("PQS") has been publicly known since like 2018 (published by IACR in 2017 and known about in Computer Science since the 90s), where most projects that are serious about privacy and security have implemented management, e.g. OpenSSH, SimpleX, Signal and Lokinet. By 2019 it was reported to Matrix (element-hq/element-web#8889) and by 2022 it was correctly triaged in matrix-spec, where it seems to be treated as a "nice to have thing" to this day instead of the "shit hit the fan" that this problem seems to require, and which imho should have been proactively handled by 2019 max.
This is just not enough. This problem basically defeats the encryption of all harvested data as soon as an efficient enough quantum computer gets in the hands of a threat actor, where based on my tests yesterday and gathering statistics from home server admins it's realistic to collect more than 8 GB of encrypted data in 12 hours, where judging by Matrix's popularity we can probably sanely assume that a global adversary is already doing this on a much larger scale and for much longer. That to me is a privacy and security nightmare that each day after its disclosure in 2018 expands exponentially in severity project-wise and impact on the users, as the longer this goes the more sensitive data can be harvested from the users, which we have no way of retroactively fixing as we would need physical access to the threat actor's system to remove them.
This is why this issue exists. Beyond the threat to the common user, Matrix is projected to be used for critical infrastructure in the EU, where many banks are already using it, and NATO members such as the German Bundeswehr are already known to be using Conduit.rs for their mission-critical and sensitive information in their operation, and that's why I believe that we should be focusing a lot more resources into managing this problem as soon as possible, which is all that this issue is about.
This all feels like discussion which should be held on #975 - I'm not seeing a distinction between the comments here and the scope of #975.
I'm locking this to encourage the conversation to move to the other issue.