Thib

Matrix Live

An unfortunate series of events prevented us from recording this week! Stay tuned for great bridge news next week.

Dept of Spec 📜

Andrew Morgan (anoa) [GMT-6] says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3999: Add causal parameter to /timestamp_to_event
• MSC3998: Add timestamp massaging to /join and /knock
• MSC3997: Add timestamp massaging to /createRoom
• MSC3996: Encrypted mentions-only rooms.
• MSC3995: [WIP] Linearized Matrix

MSCs in Final Comment Period:

• MSC3970: Scope transaction IDs to devices (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

The concept of Linearized Matrix (MSC3995) is moving forwards as a potential answer to the European Union's, Digital Markets Act. The fully-decentralised Direct Acyclic Graph (DAG) model of Matrix is well-known, yet complex to implement and thus a potential blocker to gatekeepers who are looking for an interoperable messaging protocol to link their chat service to. Enter Linearized Matrix, a concept of a Matrix room that uses a linked-list to store events in a room, rather than a DAG. Crucially, while being simpler to implement, our aim is to be forward-compatible with the DAG version of Matrix, such that gatekeepers may switch over to DAG-style Matrix in the future if they so chose.

See MSC3995 for more information, and a reminder that this is all still very much in flux!

Random MSC of the Week

The random MSC of the week is... MSC2943: Return an event ID for membership endpoints!

Currently, when you send a (state) event manually via PUT /_matrix/client/v3/rooms/{roomId}/send/{eventType}/{txnId}, you'll receive an event ID in the response. While you can send membership events this way, it's often a bit nicer to use the various POST /_matrix/client/v3/rooms/{roomId}/join,leave,kick endpoints instead. However, these do not return an event ID in their response. For clients that don't use /sync, this would force them to use the former, generic endpoint in order to retrieve the event ID of the membership event.

MSC2943 attempts to rectify that by specifying that membership-related endpoints should return an event ID, similar to the generic event send endpoint. Currently this MSC is just waiting on an implementation in a homeserver (and possible a client) in order to move forward. If you feel strongly about this change being included in the Matrix spec, why not get your hands dirty with some homeserver dev?

Continue reading…

Matrix Live

Dept of Spec 📜

TravisR says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3994: Display why an event caused a notification
• MSC3993: Room takeover
• MSC3991: Power level up! Taking the room to new heights
• MSC3989: Redact origin field on events
• MSC3995: [WIP] Linearized Matrix

MSCs in Final Comment Period:

• No MSCs are in FCP.

Merged MSCs:

• MSC3980: Dotted Field Consistency

Spec Updates

This last week the core team has been working on Linearized Matrix, which now exists in MSC form. The idea is still very much in flux, but the MSC covers a large part of the backing context for the overall approach. More detail about IETF116, Linearized Matrix, and the overall mission can be found in last week's TWIM, and we're happy to answer any questions in #matrix-spec:matrix.org on Matrix.

Meanwhile, the Spec Core Team (SCT) has been focusing on Matrix 2.0 MSCs for OIDC, VoIP, etc alongside quite a few other smaller MSCs. You can follow along with the SCT's weekly priorities in the #sct-office:matrix.org room on Matrix.

Random MSC of the week

Today's random proposal is MSC3860: Media Download Redirects! Quite a few medium-large servers use a CDN of some kind to host media shared in rooms, and currently the usefulness of that CDN is diminished by servers not necessarily being able to tell clients that the media is actually found on another URL. This proposal formalizes HTTP 307 redirects, and the SCT is interested to hear if this will break any clients - check it out, leave some comments, and let us know :)

Continue reading…

Matrix Live

Dept of Status of Matrix 🌡️

uhoreg announces

Messaging Layer Security approved by the IETF

The IETF has approved Messaging Layer Security (MLS) for publication. MLS is an end-to-end encryption method designed for group messaging. We have been working on integrating a variant of MLS into Matrix. Keep an eye out for demos in the near future.

Dept of Spec 📜

Andrew Morgan (anoa) [GMT-8] says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3987: Push actions clean-up
• MSC3985: Break-out rooms
• MSC3984: Sending key queries to appservices

MSCs in Final Comment Period:

• MSC3980: Dotted Field Consistency (merge)

Accepted MSCs:

• MSC3923: Bringing Matrix into the IETF process
• MSC2677: Annotations and reactions

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

Last week we mentioned that we'd have more to share this week about an easier API for accessing rooms in Matrix, and while it was our intention to have an MSC out by now, our priorities shifted slightly after the MIMI working group session at IETF 116. Some exciting news on that front though: our proposed easier API, called Linearized Matrix (apologies to all the mathematicians), is very much in line with what the working group is thinking about. So much so that we're going through the effort of writing up Matrix as a series of proper Internet-Draft specifications.

We don't currently have an up-to-date document which covers Linearized Matrix completely, but the short version is it allows a server to support individual rooms being linear arrays instead of DAGs. This doesn't prevent a DAG-capable server from joining the room and speaking full-blown DAG either, which is particularly important for compatibility with the existing Matrix network. Currently our efforts on Linearized Matrix are in implementation rather than documentation, though once things are slightly more stable we'll be getting an MSC out there for everyone to review more easily. Watch this space for news.

Following IETF 116, we have an immense amount of work ahead of us to define Matrix as the standard for interoperable chat, but we're well on our way on getting through it all. Namely, we're going around and mapping Matrix's functionality onto MIMI's concepts, defining Matrix as a proper IETF standard along the way. The expected outcome of this for the implementation authors of Matrix is a spec that is significantly easier to follow, finally.

For an idea of what's ahead, here's what the SCT will be looking at over the next several months:

• Linearized Matrix (implementation & MSC)
• Extensible Events (at least the core types) - this will serve as the basis for an interoperable messaging format in our IETF drafts
• Decentralized MLS & interoperability of crypto
• Clarification gaps and bugs in the current spec
• Pseudonymous user IDs and account portability
• Almost certainly something that was missed when writing this list

Considering the above list, the Matrix 2.0 objectives (sliding sync, OIDC, native VoIP conferencing, and faster room joins), and the core team's work around mentions, abuse reporting, and more, the SCT will be a bit busy. That said, if you have MSCs you think we should be looking at, let us know in the #sct-office:matrix.org room. We've recently started doing our weekly planning in that room too, which should help give an idea for what the SCT is expecting to look at each week.

Random MSC of the Week

The random MSC of the week is... [WIP] MSC2966: Usage of OAuth 2.0 Dynamic Client Registration in Matrix!

This MSC provides a mechanism for implementing Dynamic Client Registration (RFC 7591) for OAuth 2.0 between Matrix clients and homeservers. Without this, homeserver admins would need to manually configure OAuth metadata (Redirect URIs, application names, client secrets, and more) for every Matrix client that wanted to connect to the homeserver. Since that doesn't really scale in an environment that allows anyone to use any client they like, dynamic registration is critical! Dynamic registration allows clients to communicate this metadata to the homeserver at the login/registration step.

MSC2966 is part of a series of MSCs that add first-class OpenID Connect (OIDC) support to Matrix. You can see an overview of the related MSCs (here) and https://areweoidcyet.com/ for the latest progress on integrating OIDC into the Matrix spec!

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

MSC Status

New MSCs:

• MSC3984: Sending key queries to appservices
• MSC3983: Sending One-Time Key (OTK) claims to appservices
• MSC3982: Limit maximum number of events sent to an AS
• MSC3981: /relations recursion

MSCs in Final Comment Period:

• MSC3923: Bringing Matrix into the IETF process (merge)
• MSC2677: Annotations and reactions (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• MSC1796: improved e2e notifications

Spec Updates

The Matrix.org Foundation (mostly Travis) are beavering away preparing for the MIMI meeting at IETF 116 this weekend! This is part of our continual work to contribute to a IETF standard that can be used for interoperable messaging between gatekeepers (large companies in the chat world) under the EU's Digital Markets Act. See our earlier blogpost for more context on this topic.

In terms of our previous proposals on this subject; it turns out that implementing full-scale DAGs is a bit difficult, particularly when aiming to achieve interoperability on a short timeline. So we've been working on building an API surface for Matrix which makes rooms easier to access/implement in chat settings. We unfortunately don't have much to share today, but keep an eye on next week's TWIM for details 👀

Random MSC of the Week

The random MSC of the week is... MSC3480: Make device names private!

This MSC proposes hiding device names from any other user, while still allowing your own devices to see the names of the others.

You may question why device names being shown to other users was considered a good idea at all in Matrix. Initially these being public was really useful for verifying the devices of other users! Back in the days before cross-signing (where you only need to verify another user once), you had to verify every one of your friend's devices from every one of your own devices. It was an n * m problem, whereas if you had 4 devices, and your friend had 5, you'd need to do 20 verifications! And 4 more if your friend got a new phone!

So having device names back then were handy, but today any justification is moot and they're just a metadata leak. So we should get rid of them!

This MSC is blocked on a proven implementation. I actually wrote one up for Synapse a little while ago, and I plan to polish and merge it soon. Anyone else is free to do so in the meantime as well (just let me know first if you plan to do so in Synapse :).

Here's to improved privacy by default in Matrix!

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3980: Dotted Field Consistency
• MSC3979: Revised feature profiles
• MSC3977: Matrix as a Messaging Framework (IETF/MIMI)

MSCs in Final Comment Period:

• MSC1796: improved e2e notifications (close)

Accepted MSCs:

• No MSCs were merged this week.

Closed MSCs:

• MSC3978: Deprecate room tagging

Spec Updates

The Spec Core Team has started to publish their weekly list of MSCs to focus on reviewing in the Office of the Spec Core Team room. The list consists of the MSCs that are ready for immediate review, and would most help advance the Matrix protocol on any given week. This used to happen internally (they started out as weekly ping by a bot, and then slowly became curated by our resident human, Travis). But the idea to publish the list both allows people to easily follow along with what they're doing on a weekly basis (much like these posts, but in real time!), as well as helps push subsequent discussion to public channels.

Otherwise, Travis continues to be hard at work integrating Matrix into the IETF process. MSC3923 - initially published in November 2022 - was proposed for FCP this week (and has nearly passed!). Additionally, MSC3977 was published this week and talks about how Matrix is a great fit for the goals of the IETF's MIMI working group.

This is all ahead of the IETF 116 event which starts on March 26th. The Matrix.org Foundation will be attending remotely.

Random MSC of the Week

The random MSC of the week is... MSC3735: Add device information to m.room_key.withheld message!

This MSC proposes adding a new field, from_device, to m.room_key.withheld messages. This to-device message type is used to inform devices why a megolm session was not sent to them after they requested it.

Devices can request megolm sessions from multiple devices at once, but upon receiving a m.room_key.withheld message from one of them is currently unable to tell which of the devices responded with that message.

The proposed from_device field should not be added to m.room_key.withheld messages that are sent outside of key request flows.

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3975: rel_type for Replies

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC3966: event_property_contains push rule condition
• MSC3873: event_match dotted keys
• MSC3758: Add event_property_is push rule condition kind

Closed MSCs:

• No MSCs were closed/rejected this week.

Spec Updates

Review this week from the SCT focused on the future of OIDC and logging in via a QR code (MSC3906) - a feature other platforms have and one I would love immensely. Fixing notifications (MSC3966, MSC3873, MSC3758, MSC3952, MSC3958) as per last week, as well as trying to finally get MSC2677 (spec'ing the current state of Annotations and Reactions) into FCP.

Random MSC of the Week

The random MSC of the week is... MSC3972: Lexicographical strings as an ordering mechanism!

While there already is an MSC for a top-level ordering of Spaces in use across some client implementations today (MSC3230), the algorithm recommended for clients to implement apparently has some consistency flaws, leading to edge cases. MSC3972 attempts to address this by providing a different algorithm that does not have these flaws. A real-world implementation of the algorithm is also available today in Kotlin at https://github.com/Dominaezzz/MatrixSort.

Neither of these algorithms have been merged to the spec yet, but this new MSC may finally push this conversation forwards! I recommend client developers give it a read and leave their feedback as Pull Request Review comments on the MSC.

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

MSC Status

New MSCs:

• MSC3973: Search users in the user directory with the Widget API
• MSC3972: Lexicographical strings as an ordering mechanism
• MSC3971: Sharing image packs

MSCs in Final Comment Period:

• MSC3966: event_property_contains push rule condition (merge)
• MSC3873: event_match dotted keys (merge)
• MSC3758: Add event_property_is push rule condition kind (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• MSC3887: List matching push rules

Spec Updates

Other than spec text fixes in the matrix-spec repo, the Spec Core Team has mainly been focusing on push notifications, push rules and generally improving notifications across Matrix. This includes improving behaviour such as accidentally notifying someone when you mention their name, accidentally notifying people when you reply to a message, accidentally notifying when you edit a message and so on. The relevant MSCs are MSC3958, MSC3873, MSC3966 and MSC3758.

In addition, review of MSC3575 (Sliding Sync) and other sliding sync MSCs saw some in-depth review from Nico.

Random MSC of the Week

The random MSC of the week is... MSC3013: Encrypted Push!

When you get a push notification for a new message on your phone, you may wonder how that message travels from your homeserver to you. Typically it isn't done directly - instead, when you receive a message that should notify you, your homeserver will generate a push notification specifically for you, and send this off to a Matrix Push Gateway. That Push Gateway is then configured to send your notification off to a service which knows how to route it to your device. This is usually Apple's Push Notification Service in the case of iOS devices, or Google's Firebase Cloud Messaging service in the case of Android devices (though FCM supports iOS devices too!). Your phone's OS will keep a consistent connection to one of these services if an app has registered for push notifications, and thus you can receive notifications from apps even when your Matrix client is not running.

But doesn't that leak all of your message notifications to Apple or Google? 😱 Not quite. While clients can choose to include all contents of a message in a push notification, most instead opt for only including the event's ID. When the push notification containing that event ID reaches your phone, it wakes up a small portion of your Matrix client which goes and fetches the full message content from the homeserver (plus encryption keys if the message needs to be decrypted). This way, you can still get a notification without your Matrix client needing to be open all the time. However, some metadata (such as when you are getting a notification) is still leaked to Apple/Google. Since the third-party service knows the event ID, it can correlate which users are in the same room by cross-referencing event IDs in notifications across multiple users.

It's also a bit of a resource drain that the client needs to go and talk to the homeserver to fetch the full event content. Ideally we'd just include it all in the notification - but then we end up sharing too much information with the push provider!

This MSC proposes a solution; encrypt the message content and send that in the notification! Message contents are encrypted using a public key provided by the client to the homeserver when registering for push notifications. The ciphertext passes through the Push Gateway (which may be run by a separate entity to your homeserver) and the Push Notification service (run by Apple, Google, etc.) and then finally down to your client where it is decrypted without the need for a web request as the private key will just be stored in the client.

And since a separate encryption key is being used per-device, ciphertexts of the same event will differ when encrypted for different users - eliminating the Push Gateway/Push Notification Service from being to correlate notifications across users (timing attacks are still possible, but this can be reduced by introducing a small amount of jitter into when notifications are sent out).

Anyhoo, if you're big on privacy (or security against those running Push Gateway/Notification Services), check out this MSC!

Continue reading…

Matrix Live

Transcription (Community made): https://en.miki.community/wiki/Matrix_Tutorial_7

Dept of Spec 📜

TravisR announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals

MSC Status

Merged MSCs:

• MSC3925: m.replace aggregation with full event

Closed MSCs:

• MSC2000: Server-side password policies

MSCs in Final Comment Period:

• No MSCs are in FCP.

New MSCs:

• MSC3970: Scope transaction IDs to devices
• MSC3969: Size limits
• MSC3968: Poorer features

Spec Core Team

In terms of Spec Core Team MSC focus for this week, we've been aiming to get the requirements for MSC3952: Intentional Mentions landed as well as discussing MSC3952 itself, in addition to planning out what the next few spec releases are expected to look like.

Watch this space for progress on the Matrix 2.0 MSCs and other critical path items :)

Curated MSC of the week

This week's random chosen MSC is MSC3575: Sliding Sync! It's one of the largest (or is the largest?) MSCs we've ever had, and dramatically changes how clients actually get updates from the server. It's worth the read if you're a client developer, though the team working on it is ironing out some bugs. Let us know what you think on the MSC :)

The Chart

It seemingly was okay with being generated this week again, so here it is:

Continue reading…

Matrix Live

Thib was away this week, Matrix Live is finally coming back next week!

Dept of Status of Matrix 🌡️

Gitter

madlittlemods (Eric Eastwood) says

If you didn't already catch it this week, Gitter has fully migrated to Matrix! 😎

We brought over all of the historical Gitter content to the gitter.im homeserver and gave everyone free rein over it via app.gitter.im, a Gitter branded Element instance.

Of course, since it's Matrix, you can use whatever client you want to access your public, private and one to one (now DM) conversations!

You can read about the full details in the blog post: https://blog.gitter.im/2023/02/13/gitter-has-fully-migrated-to-matrix/

Happy chatting! 🤠

Dept of Spec 📜

TravisR reports

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals

MSC Status

Merged MSCs:

• No MSCs were merged this week.

MSCs in Final Comment Period:

• MSC3925: m.replace aggregation with full event (merge)

New MSCs:

• MSC3967: Do not require UIA when first uploading cross signing keys

Spec Core Team

The Spec Core Team has been busy working away at Matrix 1.6 (released earlier in the week) and aiming to get MSC3925: m.replace aggregation with full event, MSC3952: Intentional Mentions, and MSC2677: Annotations and reactions and all of their dependencies through the spec process. These are all MSCs the SCT has been asked to help get through the process - if there's an MSC we should be looking at, please let us know in #sct-office:matrix.org.

IETF/MIMI/DMA

With the Extensible Events Core (MSC1767) being accepted last week, the focus now turns to all the other extensible event MSCs for images, files, etc. How does extensible events relate to IETF/MIMI/DMA, you ask? In our mission for having Matrix be the standard for interoperability, we need a content format that works for everyone. Events prior to MSC1767 could work with enough effort, though MSC1767's system makes things a lot easier when representing arbitrarily complex messaging features.

Stay tuned to TWIM for progress in this area. It's a relatively slow process, but we're working through it.

Random MSC of the week

This week's random MSC is MSC2785: Event notification attributes and actions! This is effectively a replacement for the push rules system we have today, and a super interesting one (how do you even design a notifications system?). Focus has shifted a little bit since this MSC was first opened, though its ideas still comes up frequently when aiming to make smaller changes to push rules today.

The Chart

The chart has been giving us a bit of grief when trying to be generated, but today it seems agreeable enough to include - enjoy :)

Continue reading…

Matrix Live

Dept of Spec 📜

Andrew Morgan (anoa) says

MSC Status

New MSCs:

• MSC3964: Notifications for room tags

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC3862: event_match (almost) anything
• MSC1767: Extensible event types & fallback in Matrix (v2)

Merged MSCs:

• MSC3943: Partial joins to nameless rooms should include heroes' memberships
• MSC3783: Fixed base64 for SAS verification

Spec Updates

In keeping with our (roughly) quarterly release schedule of the Matrix Spec, v1.6 is due to be released on February 14th. That's only four days from now! The headline features are a new Jump-to-Date Client-Server API (MSC3030) and initial work on speeding up room joins (MSC3706), along with many other fixes and clarifications to the spec text itself.

If you haven't yet seen it, Matthew's Matrix 2.0 talk at FOSDEM walks through some of the upcoming features in the spec. Each will land in subsequent, future releases of the spec. Once all have landed, we'll call that Matrix 2.0 (in name and in actual version number).

Extensible events is one such upcoming feature. While the core proposal outlining the feature (MSC1767) will land in v1.6, the smattering of MSCs which describe how various event types will work under extensible events will span multiple upcoming spec versions. Watch this space!

Random MSC of the Week

The random MSC of the week is... MSC2974: Widgets: Capabilities re-exchange!

This MSC is relatively simple; proposing a method for widgets to ask the client for additional capabilities after it has already been initialised. Doing so allows for increased security and privacy workflows, as the widget need only ask for access to certain pieces of data at the point that it needs it (rather than all up front).

A similar transition of permission granting happened in mobile devices and apps. Initially mobile apps would ask for all permissions they would need up front - which users would blindly accept. These days, mobile OS's have shifted to a model where individual permissions are requested upon attempting to complete an action in an app. This way, users have better context on the reason for the permissions request. (Oddly, browsers have yet to reach this stage with extensions - those still ask for all permissions up front.)

Do check out the proposal and its technical details if widgets are your thing!

Continue reading…