Probably at the per-room level. Shared across all users, or per-user?
We've just discussed this very issue.
It worries me that an unverified party can silently intercept encrypted messages undetected.
And this is not a bug unique to vector-web.
I would suggest having this per-user. Primarily because it empowers the user to increase security for their own messages without having to have the necessary room privileges.
Would be nice if this were supported for the entire room as well, but that's a Matrix spec issue too.
Just to confirm: this is very much on our radar, but we're also having to juggle all other issues coughed up by the beta - i.e. the Unknown Inbound Session ID bugs, verifying devices, and giving folks the ability to back up & restore E2E state. It will be coming RSN, and yes, it does pose a serious issue (as do the others).
I did this.