Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC4161: Crypto terminology for non-technical users #4161

Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
5f08ae9
Initial commit for MSC4161: Crypto terminology for non-technical users
andybalaam Jun 27, 2024
32f386b
First draft
andybalaam Jun 27, 2024
cd26b70
Fix typo
andybalaam Jun 27, 2024
a7b5a77
Fix mis-formatted heading
andybalaam Jun 27, 2024
a79b289
Fix incorrect bolding
andybalaam Jun 27, 2024
89412cc
Ensure we are consistently saying Alice's identity appears to have ch…
andybalaam Jun 27, 2024
d15576e
Add another example for key storage
andybalaam Sep 5, 2024
af70e43
Link to MSC4153 where we mention it.
andybalaam Sep 5, 2024
720cdeb
Make the wording about resetting keys more precise.
andybalaam Sep 5, 2024
de285aa
Re-word the paragraph about the importance of verified identity chang…
andybalaam Sep 5, 2024
57fc5c1
Link to the spec equivalent wording for our recovery key
andybalaam Sep 5, 2024
a4b95b4
Re-word the paragraph about Invisible Crypto
andybalaam Sep 5, 2024
0499900
Propose being an appendix to the spec
andybalaam Sep 6, 2024
b919630
Add a section on what to say when a message can't be decrypted
andybalaam Sep 6, 2024
007a15f
Add a missing 's'
andybalaam Sep 6, 2024
45928bb
changes->changed
andybalaam Sep 6, 2024
3a2d012
Remove erroneous UTD message
andybalaam Sep 6, 2024
56b5daf
Mention that clients SHOULD follow this guide and document any except…
andybalaam Oct 7, 2024
fba4f5c
person->user
andybalaam Oct 7, 2024
9246021
Reword sentence on cross-signing
andybalaam Oct 7, 2024
0c9d812
Re-word the "Waiting for this message" sentence
andybalaam Oct 7, 2024
705f7bb
Add missing word "message"
andybalaam Oct 7, 2024
4bcee33
Remove unneeded 'private key' warning
andybalaam Oct 7, 2024
f654c2e
Re-word 'key-backup' paragraph to contrast with export.
andybalaam Oct 7, 2024
3c7695f
Make clear that 'insecure device' is permitted
andybalaam Oct 7, 2024
7a789c5
Remove 'cryptographic' before 'identity', and also tone down the warn…
andybalaam Dec 17, 2024
3ed51ec
Link to spec sections on QR and emoji, and transitive trust MSC
andybalaam Dec 17, 2024
b44397b
Add a section about why this is important
andybalaam Dec 17, 2024
04df819
Add a paragraph about losing the recovery key
andybalaam Dec 17, 2024
bdbd7b4
Remove the 'appears to have changed' wording and add explanation
andybalaam Dec 17, 2024
7a9a84b
Note that older spec versions say 'recovery key'
andybalaam Dec 17, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add a paragraph about losing the recovery key
  • Loading branch information
andybalaam committed Dec 17, 2024
commit 04df819f2f18191781c0489aeca17bede6cc5d05
9 changes: 9 additions & 0 deletions proposals/4161-crypto-terminology.md
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements (in my opinion):

  • User research to show these terms as helpful and easily understood.

The research may be done through studies or deployment to a portion of the user base with analytics to show "easier" use of the app.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall review: The MSC appears to describe features and requirements of Element, and assumes that all clients in the ecosystem have similar or comparable features/needs. The assumptions read fine when applying this MSC to an Element client, but when comparing to the spec there feels like there's a gap in understanding.

Significant review from other client authors/developers, and their respective product/design teams, I think would be extremely valuable to help ensure this MSC does not solely apply to Element. This kind of review may need to be chased down as it's somewhat uncommon for a product-y MSC to be in the spec process.

Original file line number Diff line number Diff line change
Expand Up @@ -272,6 +272,15 @@ changed" messages), and also read old messages using the stored message keys.
A **recovery passphrase** is an easier-to-remember way of accessing the recovery
key and has the same purpose as the recovery key.

**Losing the recovery key**: if the user loses their recovery key, they can
"reset" it, which means re-storing the identity information in the server,
encrypted with a new recovery key. If the user has a verified client, then that
is holding the identity information locally, so they can reset their recovery
key without losing access to key storage. If they don't have a verified client
and they lose their recovery key, then they need to reset key storage as well as
recovery key (since the identity information is needed to read from key
storage), meaning they lose access to old messages.

> "Write down your recovery key in a safe place"

> "If you lose access to your devices and your recovery key, you will need to
Expand Down
Loading