by martinralbrecht 1281 days ago
A quick comment on this, we did address this in our paper:

"In environments where cross-signing and verification are enabled, adding a new unverified user adds a warning to the room to indicate that unverified devices are present. However, it is possible for a homeserver to add a verified user to rooms without changing the security properties of the room. This allows a colluding homeserver and verified user to eavesdrop on rooms not intended for them. In other words, the warning regarding unverified devices is independent to whether the device is intended to participate in the specific room. Finally we note that users may, of course, simply ignore warnings." https://nebuchadnezzar-megolm.github.io/static/paper.pdf