hambierNov 30, 2022
Given that #Luxchat will be Matrix-based, I finally tried out the #Matrix / #Element ecosystem. To be frank: If I didn't have reasonable cryptographic knowledge I wouldn't have the slightest idea what is going on:
At the second start of the app it gave a cryptic message about re-authentication and a subsequent warning about data loss. Key backup is rather manual and I have to provide a passphrase that should be different from my password. Cross-signing has to be enabled manually. 1/n
Show threadhambierNov 30, 2022

Since some more keys were generated I hit key backup or recovery agin (or was it yet another menu entry?) and it spit out a long recovery key that I should keep safe. So that'd be: my account password, a backup passphrase and a recovery key.

Again: I know that crypto is hard and adding it after the fact is always messy, but in the current state it's just a nightmare for a non-technical user.

It's obvious that #Luxchat will have to be way more than just a skin for an existing app. 2/n

Show threadhambierNov 30, 2022
At the very least, all encryption keys will have to be derived from the user's password and all auxiliary keys should be generated right from the beginning.
My bet is that the accounts will be linked to #Luxtrust in order to have only properly authenticated users on the platform.
It will be interesting to see how it'll all turn out.
3/3
Show threadKlotiiiNov 30, 2022
@hambier Oh, that wouldn't be good, would it?
Show threadhambierNov 30, 2022
@klotiii What wouldn't be good? Just reskinning and launching to the general public? That'd be a total clusterfuck 😆
But I really don't think that's the intent, especially since it's foremost for internal use by the state, so Luxtrust should be a given. Maybe that's what made them announce it also for the general public.
Show threadKlotiiiNov 30, 2022
@hambier No, the Luxtrust thing.
Show threadhambier
@klotiii Just to be clear: when Luxtrust started out, with signing sticks and crappy java middleware, it was a catastrophic experience. Also on older devices when they started with their mobile app. (And I did hate all of it.) But today, with their current app, I think it's mostly fine.
Nov 30, 2022 at 10:29amWeb