Re: Shrug
We, the research team, were pretty clear that these were both implementation and protocol issues:
"""
Are these attacks design flaws in the Matrix specification?
We will explain this one by one by using the name of the attacks previously defined:
a. Simple confidentiality break: The root cause of this attack is the fact that room management messages are not authenticated, which is a design flaw in the protocol itself, as no mechanism was specified for authentication of such messages.
b. Attack against out-of-band verification: This attack exploits an insecure implementation choice enabled by a design flaw in the specification as there is no domain separation enforced there.
c. Semi-trusted impersonation: This is mostly an implementation bug supported by a lack of guidance on the processing of incoming key shares in the spec.
d. Trusted impersonation: This is an implementation error as no check is performed to check whether Olm is used for encryption or not.
e. Impersonation to confidentiality break: This is an implementation error as no check is performed to check whether Olm is used for encryption or not.
f. IND-CCA break: This theoretical attack exploits a protocol design flaw.
"""
https://nebuchadnezzar-megolm.github.io/