MSC4161: Crypto terminology for non-technical users #4161
+451
−0
There are no files selected for viewing
|
There was a problem hiding this comment. Overall review: The MSC appears to describe features and requirements of Element, and assumes that all clients in the ecosystem have similar or comparable features/needs. The assumptions read fine when applying this MSC to an Element client, but when comparing to the spec there feels like there's a gap in understanding. Significant review from other client authors/developers, and their respective product/design teams, I think would be extremely valuable to help ensure this MSC does not solely apply to Element. This kind of review may need to be chased down as it's somewhat uncommon for a product-y MSC to be in the spec process. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -83,6 +83,13 @@ clients SHOULD document how they deviate from this document, and why. | |
|
|
||
| ### Devices | ||
andybalaam marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| **Note: this section depends on [MSC4153](https://github.com/matrix-org/matrix-spec-proposals/pull/4153) | ||
| - Exclude non-cross-signed devices, which specifies clients should avoid sending | ||
| and receiving encryption info with devices that are not cross-signed by their | ||
| owner ("insecure" devices in our terminology). While MSC4153 remains unmerged, | ||
| the parts of this section relating to insecure devices should be considered | ||
| non-normative.** | ||
andybalaam marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| Instances of a client are called 'devices' (not 'sessions'). Aligned with | ||
| [MSC4153](https://github.com/matrix-org/matrix-spec-proposals/pull/4153), we take it as granted that all devices have been cross-signed by the | ||
| user who owns them, and we call these **devices**. | ||
|
|
@@ -116,7 +123,24 @@ cryptography to understand. | |
| ⚠️ Avoid mentioning "device keys" - a device is just secure or not. | ||
|
|
||
| ⚠️ Avoid "session" to mean device. Device better describes what most users | ||
| encounter, and is more commonly used in other messaging apps. | ||
|
|
||
| #### Logging out | ||
|
|
||
| In contrast to some other services, **logging out** (or **signing out**) of a | ||
| Matrix device is quite a significant operation: it means the encryption data on | ||
| this device is lost, and if you log out of all devices you will need to use your | ||
| recovery key to re-establish your identity and regain access to your old | ||
| messages. | ||
|
|
||
| If using a trusted physical device, the right choice for a user may well be not | ||
| to log out, but simply to close the app or browser and re-open it later. This | ||
| preserves their identity and their access to message history. | ||
|
|
||
| > "Are you sure you want to log out?" | ||
|
|
||
| > "If you log out of all devices, you will lose access to message history and | ||
| > will need to reset your identity." | ||
|
|
||
| ### Verified user | ||
|
|
||
|
|
@@ -170,7 +194,18 @@ fact we confirm identity cryptographically is usually irrelevant to the user. | |
| ### Identity | ||
|
|
||
| A user's **identity** is proof of who they are, and, if you have verified them, | ||
| proof that you have a secure communication channel with them. Your own identity | ||
| proves who you are, and gives you access to key storage. | ||
|
|
||
| Technical note: we use "identity" here to describe a collection of keys: the | ||
| master signing key, user signing key, device signing key, key storage key and | ||
| others. | ||
|
|
||
| Your identity allows you to be identified by other users, and also allows you to | ||
| access key storage and therefore see message history. This identity may be | ||
| stored on the server by using recovery. The recovery key is not part of your | ||
| identity, but allows you to re-establish your identity if you lose all your | ||
| devices. | ||
|
|
||
| > When a non-verified user resets their identity: | ||
| > "Warning: Alice's identity has changed." | ||
|
|
@@ -189,6 +224,9 @@ proof that you have a secure communication channel with them. | |
| > can create a new identity. (Warning: you will lose access to your old | ||
| > messages!)" button text (in red or similar): "Reset my identity" | ||
|
|
||
| > "Are you sure you want to reset your identity? You will lose access to your | ||
| > message history." | ||
|
|
||
| ⚠️ Avoid saying "master key" - this is an implementation detail. | ||
|
|
||
| ⚠️ Avoid saying "Alice reset their encryption" - the reason that Alice's identity | ||
|
|
@@ -234,67 +272,70 @@ don't have access to this message**. | |
|
|
||
| Your **message history** is a record of every message you have received or sent, | ||
| and is particularly used to describe messages that are stored on the server | ||
| rather than your device(s). Where messages are encrypted, the message keys are | ||
| required to be able to read them, so "message history" includes those keys, | ||
| which are held in key storage. | ||
|
|
||
| ### Key storage | ||
richvdh marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| **Key storage** means message keys that are kept on the server, so that they can | ||
| be shared with the user's other devices (including new devices added in the | ||
| future). | ||
|
|
||
| The keys inside key storage are themselves encrypted, so that the server | ||
| operator is not able to access them and read your messages. | ||
|
|
||
| > "Allow key storage" | ||
|
|
||
| > "Key storage holds the keys that allow you to read your message history." | ||
|
|
||
| > "Message history is unavailable because key storage is disabled." | ||
|
|
||
| ⚠️ Avoid using "key backup" to talk about storing message keys: this is too | ||
| easily confused with exporting keys or messages to an external system. Key | ||
| storage is for day-to-day use (reading message history), not a redundant store | ||
| for disaster recovery. | ||
|
|
||
| ⚠️ Avoid talking about more keys: "the backup key is stored in the secret | ||
| storage, and this allows us to decrypt the messages keys from key backup". | ||
| Instead, we simply say that both identity and message keys are | ||
| stored in key storage. | ||
|
|
||
| ### Recovery | ||
|
|
||
| Recovery is useful when a user loses all their devices (or logs out of them | ||
| all). | ||
|
|
||
| If **recovery** is enabled, the user's identity is saved on the server, allowing | ||
| them to recover it if they lose all their devices. This in turn allows them to | ||
| recover their key storage and see message history. To recover their identity the | ||
| user must enter the **recovery key**. | ||
|
|
||
| The server is not able to read or manipulate the saved identity, because it is | ||
| encrypted using the recovery key. | ||
|
|
||
| If a user loses their recovery key, they may **reset** their identity. Unless | ||
| they have old devices, they will not be able to access old encrypted messages | ||
| because the new identity does not have access to the old key storage. | ||
|
|
||
| A **recovery key** (or **recovery code**) is a way of re-establishing your | ||
| identity if you lose all your devices. This in turn allows you to access key | ||
| storage, and therefore see message history. If you re-establish your identity | ||
| instead of resetting it, other users won't see "Alice's identity has changed" | ||
| messages, and you will be able to read your message history, even if you logged | ||
| out everywhere or lost your devices. | ||
|
|
||
| A **recovery passphrase** is an easier-to-remember way of accessing the recovery | ||
| key and has the same purpose as the recovery key. | ||
|
|
||
| > "Write down your recovery key in a safe place" | ||
|
|
||
| > "If you lose access to your devices and your recovery key, you will need to | ||
| > reset your identity, meaning you will lose all your message history" | ||
|
|
||
| ⚠️ Avoid "4S" or "quad-S" - these are not descriptive terms. | ||
|
|
||
| ⚠️ Avoid using "security key", "security code", "master key". A | ||
| recovery key allows "unlocking" the key storage, which is a "box" that is on the | ||
| server, containing your identity and message keys. It is used to | ||
| recover the situation if you lose access to your devices. None of these other | ||
|
|
@@ -313,13 +354,72 @@ from the usage here. The recovery key described in this section is referred to | |
| in the spec as the | ||
| [secret storage key](https://spec.matrix.org/v1.8/client-server-api/#secret-storage). | ||
|
|
||
| #### Losing the recovery key | ||
|
|
||
| If the user loses their recovery key, they no longer have a way to recover their | ||
| identity. | ||
|
|
||
| If the user still has a secure device, then that device has its own copy of the | ||
| identity information, so they can **change recovery key** without losing their | ||
| identity, meaning other users will not see "Alice's identity has changed", and | ||
| they will be able to continue using key storage to access message history. | ||
|
|
||
| Note: users should be encouraged to change their recovery key if they have forgotten | ||
| their recovery key, because they are in a precarious position - if they lose | ||
| access to their device, they will be forced to reset their identity and lose | ||
| message history. | ||
|
|
||
| If the user does not have a device, or all their devices are insecure, then they | ||
| will need to reset their identity, meaning other users | ||
| see "Alice's identity has changed", and they lose access to their old key | ||
| storage, meaning they cannot read message history. | ||
|
|
||
| > "If you lose your recovery key you can generate a new one if you are signed in | ||
| > elsewhere" | ||
|
|
||
| ⚠️ Distinguish between "Reset identity" and "Change recovery key" - these are | ||
| very different actions: resetting identity is destructive, whereas changing | ||
| recovery key from a device that holds the full identity information is benign. | ||
|
|
||
| ## Potential issues | ||
|
There was a problem hiding this comment. The MSC should address why it's important that all clients use the same language, and why the language of the MSC is generic enough to fit the language and feel of all client applications. An app which has a less professional feel may prefer to use different terms for brand identity/recognition, for example. This MSC feels a bit too prescriptive for all audiences. A common language feels important to me, regardless of audience impact, but the MSC does not really tell me why I should feel that way. There was a problem hiding this comment. I had a go here: b44397b . Is that something like what you hoped for? There was a problem hiding this comment. @turt2live are you happy to resolve this thread? |
||
|
|
||
| Lots of existing clients use a whole variety of different terminology, and many | ||
| users are familiar with different terms. Nevertheless we believe that working | ||
| together to agree on a common language is the only way to address this issue | ||
| over time. | ||
|
|
||
| ## Alternatives | ||
|
|
||
| ### Device vs. Session | ||
|
|
||
| There is debate over the use of the word "device" to identify an instance of a | ||
| client. Objections to "device" include: | ||
|
|
||
| * Multiple apps on the same physical device will be listed as separate devices, | ||
| which may cause confusion. | ||
| * Logging out and in on the same physical device will result in a new "device" | ||
| being created. | ||
| * Some applications, especially on Web, use "session" for this concept. | ||
|
|
||
| The most popular alternative is "session". Objections to "session" include: | ||
|
|
||
| * It is an unfamiliar word for non-technical users: they have no metaphor to | ||
| work with to understand it. | ||
| * It has multiple existing alternative meanings within Matrix. | ||
|
|
||
| "Device" was chosen in the proposal because: | ||
|
|
||
| * It is familiar from similar messaging apps. | ||
| * It has a clear meaning in everyday speech, giving users a stepping-stone | ||
| towards understanding what it means in this context. | ||
| * For novice users, it corresponds well with the everyday meaning: when they | ||
| first engage with Matrix, they will use one "device" per physical device. | ||
| * The extension to think of multiple virtual "devices" on a physical device is | ||
| simple and familiar from other applications. | ||
| * Messaging apps are increasingly used on mobile devices, especially as the | ||
| first point of contact, and "device" is commonly used in mobile apps. | ||
| * The spec uses "device" for precisely this concept, which is a bonus. | ||
|
|
||
| ## Further work | ||
|
|
||
| Several other concepts might benefit from similar treatment. Within | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implementation requirements (in my opinion):
The research may be done through studies or deployment to a portion of the user base with analytics to show "easier" use of the app.