-
-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Megolm P2P Cross-Verification and Encryption #424
Comments
How would the messages look in practice? |
After decryption, the plaintext message is displayed like a normal chat message, possibly with an icon which indicates the encryption status of the message. Megolm handshake messages are completely hidden by default, but a debug switch might be used to show them.
For the server or vanilla players, the encrypted messages will appear to be garbled similar to the existing symmetrically encrypted messages, although for standardization it is best to use some sort of header. A mockup for an encrypted message could look like this:
( It could also be possible to compress ciphertext via Unicode encoding. |
Overall I am not opposed to this proposal, especially given how well it's laid out. However, my biggest concern with it is the neccessity of sending messages automatically on behalf of a player for the purpose of session establishment, without that player's manual input. This can break in many ways (for instance, due to chat rate limits on a given server), and players may not understand what has gone wrong or why the mod tried to send a message without their input in the first place. I have rejected many potential encryption systems in the past based on this concern, as I do not have any ideas at the time regarding how we can make the design intuitive for most users. If you have a good suggestion regarding how we can handle this, feel free to put it forward. |
Active peer discovery is difficult to implement given that there is usually only one shared communication channel. As it is, there are three suggested main approaches to this problem, and it may be possible to implement several in tandem and let the user choose based on their use case:
It is also important to consider that active peer discovery is mutually exclusive with deniability of using third-party communication channels, as the server can potentially impersonate a player to test whether a player has a mod implementing such a protocol enabled. Probing, DoS resistance, and deanonymization attacks are important factors to consider too. Determining exactly how much data can be safely exchanged via out-of-band channels like skins without interfering with other popular mods can be helpful for brainstorming theoretical relay negotiation methods. |
the encryption is really coming from "lets encrypt so microso_ er mojang studios dosent read are messages"to "lets desighn a inband asymetric encryption system for minecrafy chat with palsible deniablity and active peer discovery or pasive peer discoverly via skin pixels but out-of-band-ish or useing upnp to dox users but encrypting messages"(okay seriesly dont use the upnp and instead use onion adresses |
Idea
Alternative to #300, #246, #234. Before anyone asks, no, this is not a joke idea.
Instead of a symmetric key, use the Double Ratchet algorithm combined with the Olm/Megolm scheme to negotiate keys and encrypt chat messages between players using NCR. (This doesn't imply sending messages over Matrix due to size inefficiencies, it only uses the Megolm encryption.)
Reasoning
Advantages:
Disadvantages:
Other Information
No response
The text was updated successfully, but these errors were encountered: