Are there known vulnerabilities or a document pointing issues about the e2ee protocol used by Matrix ? If no, how can it be categorized as vulnerable to MITM attacks ?
Edit : Just to be clear, I will be happy to be proved wrong and to be corrected. Maybe it's already in the link you sent me, I should have read them before answering this.
Edit 2 : yup, no issues about the Signal e2ee or MITM attacks in your links :
- https://x.com/kaepora/status/1810611336675565934 isn't about e2ee but endpoint security
- https://x.com/kaepora/status/1828466690897703359 is a bunch of opinions with nothing technical and where we don't even know half of the real story, why do you link this ?
- https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html is about a not near futur issue which is also under work by the Signal team, and which is not about a current e2ee issue.
ck0
npub1s8…2lvmy
2024-09-05 19:42:39 UTC
in reply to nevent1q…uqap
Author Public Key
npub1s8m8lfvlxz6jk2sw7654q4hgregaplavqlz6p6zqyrkzkwag83cqp2lvmySeen on
wss://relay.momostr.pinkPublished at
2024-09-05 19:42:39 UTCEvent JSON
{
"id": "e68ecf483c4dff5d501c6bc077acab7ee6e2200973b31457f68c3d80da7dce40",
"pubkey": "81f67fa59f30b52b2a0ef6a95056e81e51d0ffac07c5a0e84020ec2b3ba83c70",
"created_at": 1725565359,
"kind": 1,
"tags": [
[
"p",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"p",
"81f67fa59f30b52b2a0ef6a95056e81e51d0ffac07c5a0e84020ec2b3ba83c70"
],
[
"e",
"da86dd945ecb931809ddb0c46ab5b48e6878d7c03562b1abc002e3c3c442b7ad",
"",
"root",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"e",
"56eaaed4cc481fb8b07a9a2a169fca8071a0d420a8eee718a2f50dbdb60a57ee",
"",
"reply",
"44393ff8ca21edda8e7e510a2d8aef91e6b71ff38969a69b356215bfb42bac19"
],
[
"proxy",
"https://tech.lgbt/@ck0/113086651408380505",
"web"
],
[
"proxy",
"https://tech.lgbt/users/ck0/statuses/113086651408380505",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://tech.lgbt/users/ck0/statuses/113086651408380505",
"pink.momostr"
],
[
"-"
]
],
"content": "Are there known vulnerabilities or a document pointing issues about the e2ee protocol used by Matrix ? If no, how can it be categorized as vulnerable to MITM attacks ?\n\nEdit : Just to be clear, I will be happy to be proved wrong and to be corrected. Maybe it's already in the link you sent me, I should have read them before answering this.\n\nEdit 2 : yup, no issues about the Signal e2ee or MITM attacks in your links : \n- https://x.com/kaepora/status/1810611336675565934 isn't about e2ee but endpoint security\n- https://x.com/kaepora/status/1828466690897703359 is a bunch of opinions with nothing technical and where we don't even know half of the real story, why do you link this ?\n- https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html is about a not near futur issue which is also under work by the Signal team, and which is not about a current e2ee issue.",
"sig": "7f627bad9a65dc4d5f92c0c2446c22187d6abfdfdd222057fde555fb5c4b6db130bec5f890189d5d6945808d2ea0dfa6fa9db7c6b086dd3eac4799ad6027d18f"
}