Hi there,
I've been working on E2EE implementation and specifically the Crypto Store on Android at this moment.
Would you mind having a conversation with us sooner rather than later?
Some of your assertions in the README.md are incorrect and there is also a lot of thinking (even for non-crypto experts) on how the different implementation approaches will result in different user experiences and I don't think it's possible for you to design a meaningful implementation without at least some discussion regarding our roadmap and UX goals for the feature.
Additionally, we are not intending to generate/distribute keys via the web server. We are implementing a local crypto store and currently generating those keys using libOlm. (matrix.io) There has been much discussion on the pros/cons of using the MegaOlm approach (Partial Forward Secrecy not ideal) vs Signal (a lot of keys and messages to send) vs WhatsApp (relayed via single primary device) especially when expressing it to the user as user-user messages (w/ group messages in the future) as opposed to device-device. Getting this into the web client will be another can of worms as it's unclear how we should establish a secure local store for the keys in a browser session. (Hence focusing on the iOS/Android app first)
We have a discord server - I'd be happy to bring you up to speed but ultimately you really need to discuss this with Eugen and possibly the app developers like Griska.
Hi there,
I've been working on E2EE implementation and specifically the Crypto Store on Android at this moment.
Would you mind having a conversation with us sooner rather than later?
Some of your assertions in the README.md are incorrect and there is also a lot of thinking (even for non-crypto experts) on how the different implementation approaches will result in different user experiences and I don't think it's possible for you to design a meaningful implementation without at least some discussion regarding our roadmap and UX goals for the feature.
Additionally, we are not intending to generate/distribute keys via the web server. We are implementing a local crypto store and currently generating those keys using libOlm. (matrix.io) There has been much discussion on the pros/cons of using the MegaOlm approach (Partial Forward Secrecy not ideal) vs Signal (a lot of keys and messages to send) vs WhatsApp (relayed via single primary device) especially when expressing it to the user as user-user messages (w/ group messages in the future) as opposed to device-device. Getting this into the web client will be another can of worms as it's unclear how we should establish a secure local store for the keys in a browser session. (Hence focusing on the iOS/Android app first)
We have a discord server - I'd be happy to bring you up to speed but ultimately you really need to discuss this with Eugen and possibly the app developers like Griska.