Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to matrix-nio library #4292

Open
3 tasks
ulope opened this issue Jun 26, 2019 · 2 comments
Open
3 tasks

Switch to matrix-nio library #4292

ulope opened this issue Jun 26, 2019 · 2 comments
Assignees
@ulope
Labels
Component / Transport Transport related issues State / Investigating For issues that are currently being looked into before labeling further

Comments

@ulope
Copy link
Collaborator

ulope commented Jun 26, 2019
edited
Loading

Abstract

We're currently using the (so far) official matrix-python-sdk (Python package matrix-client) Matrix client library.
This so far doesn't support E2E encryption and probably won't in the foreseeable future.

In private conversation Mathew from Matrix pointed out that matrix-nio is the new preferred library and fully supports E2E encryption (via python-olm).

Motivation

We need to prevent MitM / front running attacks (#473).
E2E encryption is one way of providing this protection (#3893, #4105).

Tasks

  • Investigate the amount of work needed to switch to matrix-nio
  • Plan implementation
  • Implement

Backwards Compatibility

This is purely an internal change.
Possibly some abstraction leakage may require some changes in the services.
@ulope ulope added P1 Component / Transport Transport related issues State / Investigating For issues that are currently being looked into before labeling further labels Jun 26, 2019
@ulope ulope self-assigned this Jun 26, 2019
This was referenced Jun 26, 2019
Open
Closed
@hackaugusto
Copy link
Contributor

Please, also consider removing the dependency cycle among RaidenService and the Transport.

@ulope ulope mentioned this issue Jul 5, 2019
Closed
@rakanalh rakanalh added this to the Ithaca milestone Jul 15, 2019
@ulope ulope mentioned this issue Aug 16, 2019
Closed
ulope added a commit to ulope/raiden that referenced this issue Aug 19, 2019
@ulope
Switch to Synapse >= 1.0
4633a64 
(Not mergable currently because of raiden-network#4634. Temporarily uses the base64
solution mentioned in the issue.)

This updates our testing dependency to matrix-synapse 1.2.1.

The Synapse config files generated by the integration tests have been
updated to align with new / changed options.

Additionally this no longer uses local TLS certificates speeding up
tests.

Fixes: raiden-network#3387
Required for: raiden-network#4292
@ulope ulope mentioned this issue Aug 19, 2019
Merged
@Dominik1999 Dominik1999 removed this from the Alderaan milestone Aug 28, 2019
@ulope ulope mentioned this issue Sep 17, 2019
Open
2 tasks
ulope added a commit to ulope/raiden that referenced this issue Sep 30, 2019
@ulope
Switch to Synapse >= 1.0
acfb515 
(Not mergable currently because of raiden-network#4634. Temporarily uses the base64
solution mentioned in the issue.)

This updates our testing dependency to matrix-synapse 1.2.1.

The Synapse config files generated by the integration tests have been
updated to align with new / changed options.

Additionally this no longer uses local TLS certificates speeding up
tests.

Fixes: raiden-network#3387
Required for: raiden-network#4292
LefterisJP pushed a commit that referenced this issue Oct 1, 2019
@ulope @LefterisJP
Switch to Synapse >= 1.0
4cf077e 
(Not mergable currently because of #4634. Temporarily uses the base64
solution mentioned in the issue.)

This updates our testing dependency to matrix-synapse 1.2.1.

The Synapse config files generated by the integration tests have been
updated to align with new / changed options.

Additionally this no longer uses local TLS certificates speeding up
tests.

Fixes: #3387
Required for: #4292
@LefterisJP
Copy link
Contributor

Is this scheduled for Alderaan?

If not ... I would like to point out that at this point the matrix library we are using is considered deprecated.

From their readme:

We strongly recommend using the matrix-nio library rather than this sdk. It is both more featureful and more actively maintained.

This sdk is currently lightly maintained without any person ultimately responsible for the project. Pull-requests may be reviewed, but no new-features or bug-fixes are being actively developed.

Are we sure we want to take a product to production with an active bug bounty using a non-supported library as the transport system's backbone?

@rakanalh rakanalh removed the P1 label Oct 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ulope ulope

Labels
Component / Transport Transport related issues State / Investigating For issues that are currently being looked into before labeling further
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ulope @rakanalh @hackaugusto @LefterisJP @Dominik1999