🔗Dept of Spec 📜

Andrew Morgan (anoa) says

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4038: Key backup for MLS

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC3291: Muting in VoIP calls

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

This week we have been preparing for IETF117, Matrix 1.8, Matrix 1.9, and Messaging Layer Security (MLS) for Matrix. Most of our work on globally interoperable communications is ongoing through the More Instant Messaging Interoperability (MIMI) working group at the IETF, and will be making significant strides in the coming days as we head to the IETF117 hackathon and meetup.

Over the last few months we've been working on a version of Linearized Matrix which supports the simplicity of linear event history while being fully compatible with today's Matrix network, and while we think that the 03 draft we wrote up accomplishes a lot of this, there's further work to be done to make it cleaner and easier to use. We've also been writing implementations of it to prove the semantics (and find areas which need improvement), starting with our cleanroom eigen-server TypeScript implementation and interoperating it with a branch of Synapse. During IETF117 we expect more implementations to sprout and have their interoperability tested - watch this space for updates on how that goes.

Aside from IETF117, we're continuing to look at the previously-selected Matrix 1.8 MSCs for release in mid-late August 2023. This might be slow over the next couple of weeks while half of us are at IETF117, but expect more forward progress when we get back. Matrix 1.9 is scheduled to be released sometime in November 2023, and a few months ago we said we were aiming to plan ahead for releases a bit more deliberately. Starting this week, we're accepting submissions for ideas and specific MSCs which need our attention in Matrix 1.9. If you have an MSC (current or future) which will need Spec Core Team (SCT) attention between August 2023 and November 2023, let us know in the SCT Office room. Once Matrix 1.8 is released (exact date TBD) we will have limited availability to add things to the Matrix 1.9 target - please raise your MSCs & themes as soon as possible. The current set of MSCs up for consideration can be found on the SCT Intake Board.

If you've made it this far in our weekly update, congratulations, and thank you. We expect things will rapidly start to happen with IETF117 kicking off tomorrow (July 22, 2023), and we will do our best to keep folks updated. Next week's TWIM in particular will have a post-IETF117 debrief for your reading enjoyment :)

As always, if you have any questions or concerns about what we're working on, visit the SCT Office and let us know. We can't promise a prompt reply (particularly during IETF117), but we will take a look when we can.

🔗Random MSC of the Week

The random MSC of the week is... MSC3105: Previewing UIA flows!

This MSC addresses a shortcoming in the current User-Interactive Authentication (UIA) mechanism where attempting to deduce the required authentication flows for an action will result in that action being carried out if it turns out no flows were required. This makes it tricky for a client to present a "are you sure you want to do X?" as a final step in completing an action that requires authentication.

The proposals aims to allow an OPTIONS pre-flight HTTP request to the same endpoint in order to retrieve the flows necessary, without actually carrying out the action. The proposal does note that using OPTIONS for this case is a bit non-standard though, and some clients may treat the typical 401 error code returned during User-Interactive Auth as a fatal error.

While this does address a flaw in the UIA system, it's worth noting that many other flaws exist! Matrix is planning to move over to an OpenID Connect-based authentication system in the not too distant future, which will likely have far fewer edge cases than our traditional, home-grown one. You can visit https://areweoidcyet.com/ for more information and to track the current progress on that front.

Continue reading…

Hi all,

Given our commitment to open standards and interoperability, we’re delighted to see MLS be ratified by the IETF as RFC9420.

MLS is a new encryption standard defined by the IETF, the standards body that maintains much of what makes the internet work. In the same way that Transport Layer Security (TLS, another IETF standard) defines the way to provide encryption between users and servers, or between two different servers, MLS provides a standard way for users of a messaging service to communicate securely without servers being able to eavesdrop on their conversations.

Continue reading…

🔗Matrix Live

🔗Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4037: Thread root is not in the thread
• MSC4036: Room organization by promoting threads
• MSC4034: Media limits

MSCs in Final Comment Period:

• MSC3291: Muting in VoIP calls (merge)

Accepted MSCs:

• No MSCs were accepted this week.

Closed MSCs:

• No MSCs were closed/rejected this week.

🔗Spec Updates

Not a lot to say this week. The Spec Core Team is humming along with review, while we also wait for progress of various MSCs from their authors. The full list of what's in flight can be found in this week's Tuesday ping in the Office of the Spec Core Team room.

IETF and MIMI work is still continuing on in the background. Look out for a TWIM in the near future for an update to progress on that front!

🔗Random MSC of the Week

The random MSC of the week is... MSC3192: Batch state endpoint!

This MSC defines an endpoint to send lots of state (max 50 at once) into a room in one go. This sounds useful for all sorts of tasks, and it's a wonder that it hasn't come up before.

If that sounds like an endpoint you'd like to go, give feedback on the MSC linked above!

Continue reading…

🔗Matrix Live

🔗Dept of Spec 📜

Andrew Morgan (anoa) announces

Here's your weekly spec update! The heart of Matrix is the specification - and this is modified by Matrix Spec Change (MSC) proposals. Learn more about how the process works at https://spec.matrix.org/proposals.

🔗MSC Status

New MSCs:

• MSC4033: Explicit ordering of events for receipts

MSCs in Final Comment Period:

• No MSCs are in FCP.

Accepted MSCs:

• MSC4025: Local user erasure requests

Closed MSCs:

• MSC3746: Render image data in reactions
  • An alternative proposal: MSC4027: Propose method of specifying custom images in reactions

🔗Spec Updates

Work to use Matrix as the standard for interoperable messaging at the IETF is continuing in full stride. At IETF 117 (July 22nd - 28th, 2023) we'll be talking about the precise requirements of an interoperable protocol, and encouraging Matrix be that protocol. Linearized Matrix is our proposal for the room model, with more updates expected in the coming days ahead of the submission deadline, meanwhile yours truly is working on using MSC1767 Extensible Events for a content format. Watch this space for updates leading up to IETF 117 🙂

We're also well on track to test interoperability of different Linearized Matrix implementations at the Hackathon - get in touch with us via the #sct-office:matrix.org if you're working on such an implementation so we can coordinate details. It's not too late to get started either; Linearized Matrix itself is relatively simple to implement compared to the full capability of Matrix, by design.

🔗Random MSC of the Week

The random MSC of the week is... MSC3903: X25519 Elliptic-curve Diffie-Hellman ephemeral for establishing secure channel between two Matrix clients!

This MSC provides a means of establishing a trusted, secure communications channel across a potentially untrusted network. Subsequent MSCs could then use this channel to transfer details such as login tokens or key backup credentials in the context of setting up a new Matrix device. MSC3906 is one proposal that takes advantage of this.

This is just one piece of work building on the tree of MSCs supporting the shift of authentication in Matrix from home-brewed to OIDC. See https://areweoidcyet.com/ for more details on that effort.

Continue reading…

Libera Chat recently announced their decision to opt-out of portalled rooms from the Libera.Chat bridge instance hosted by the Matrix.org Foundation (a decision we regret but respect). This means that for the bridge to keep working, all of your portalled rooms need to be turned into plumbed rooms before July 31st. All of this might be a bit obscure, so let’s walk together through these concepts and give you the tools to make sure the bridge keeps working for you.

Continue reading…

On Monday 3rd July, the Libera.Chat IRC network shared that they would no longer accept portalled rooms over the Matrix.org <> Libera.Chat bridge. This change will come into effect between 25th July and 31st July.

We respect the decision but also recognise that this will be disruptive for matrix.org users accessing IRC over the bridge.

Practically speaking, if you currently use matrix.org as a bouncer into Libera.Chat this will no longer be possible unless the admin of every room you inhabit is willing to reconfigure the room for plumbing.

This post explains the situation as seen from the matrix.org side, what it means for matrix.org users and what to do next.

Continue reading…

We launched the Matrix Public Archive publicly on June 2nd, 2023. We decided to take it down on Sunday, June 25th out of precaution after a member of OFTC staff warned us that the archive made the content of two OFTC IRC channels bridged to Matrix available on the Internet.

After investigating the issue, we determined that the Matrix Public Archive's behaviour was expected for these channels, given an IRC chanop had explicitly configured the Matrix side of the rooms to be world-readable.

Let's talk about how room visibility works in vanilla Matrix, how it works with bridges, and what are the next steps.

Continue reading…

🔗Matrix Live

🔗Dept of Status of Matrix 🌡️

Thib announces

You might have seen the news already, but the Matrix.org Foundation is pleased to welcome the first public sector organisation as part of its membership: Gematik joined us as a Silver member!

If you're an organisation of the public sector it might not be obvious why spending money on an open source product is important: you will probably be interested in why it makes sense for gematik to contribute, and how it benefits the public sector in general.

Whether you're an individual, a business, a non-profit, a public sector organisation, you can join the Matrix.org Foundation as a member to support us in our mission and help us steer Matrix in the right direction!

Continue reading…

We were already proud to announce that the national agency for the digitalisation of the healthcare system in Germany (gematik) had selected Matrix as the open standard on which to base all its interoperable instant messaging standard, back in 2021.

We are now delighted to let the world know that they are doubling down on sovereignty and sustainability: gematik is the first organisation of the public sector to join the Matrix.org Foundation as a Silver member.

🔗Collaboration in the public sector

Our friends at the FSFE have been calling for software used in public services to be free software in their Public Money Public Code campaign. As advocates of open standards and an open source project ourselves, this is something we can get behind.

Software development can be an impenetrable world for people who don’t work in the field. It can sometimes be difficult for people outside of our industry to understand the importance of bitrotting and refactoring. One very unfortunate effect of this is that new features are easy to fund because they feel very tangible, but the most critical housekeeping work is not as appealing.

Yet, without regular refactoring to clean things up, it gets increasingly costly and difficult to add new features. Counterintuitively, spending money on “the boring tasks” is the most efficient use of money: without it the technical stack would become either obsolete, bloated, or both, and it would be much more costly to move to something else or maintain an in-house fork.

We’re very happy gematik is doing the right thing by supporting the technical stack it builds TI-Messenger on. By supporting the Matrix.org Foundation, gematik contributes to the sustainability of the protocol powering the communications of the German healthcare system… but not exclusively.

🔗Sharing costs across public services, and with the private sector

Matrix is an open standard, which means not only everyone can use it: when someone contributes to Matrix, everyone benefits from it. This makes Matrix particularly interesting for the public sector: if the German healthcare contributes to Matrix, the German Armed Forces benefit from it, and the other way around. It allows both to contribute less of their budget, instead of contributing each to an entirely different product. The German Federal Ministry of Defence already actively contributes to Matrix development and funding via its public IT services provider BWI GmbH, who relies on Element’s consulting services to develop their own Matrix-based messenger.

But Matrix being open source, it also allows the public and private sector to share the costs of maintenance by design. The public sector benefits from the contributions of the private sector to Matrix, and the opposite is true as well.

The Foundation plays a critical technical and social role in this system: it centralises and curates contributions to the protocol so it remains unbiased, coherent, and efficient.

🔗This is just a beginning

We’re extremely happy to welcome the first public sector organisation in the Matrix.org Foundation! Given how popular Matrix is among governments and the public sector in general, we know this is just a beginning: it would be illogical to deploy any solution at a large scale without contributing to its sustainability.

Whether you’re an organisation from the public or the private sector, looking to cut costs down by building on a common, standard and reliable foundation, you can support Matrix and join the Foundation today.

🔗Matrix Live

🔗Dept of Status of Matrix 🌡️

Thib says

Not only have we formally launched the Matrix.org Foundation membership programme… we're happy to already welcome our first member: Beeper!

Wondering why it makes sense for Beeper to support the Foundation? In short: we're mission-aligned, and it's a strategic business choice.

Thanks again to Beeper for all their contributions to the Matrix ecosystem, and we can't wait for more prospective members to show that they really mean to stand for open, decentralised secure communications 🚀

Continue reading…