Hi Paul,

Thanks for your look at olm and megolm.

There are a few things to clarify. First of all, in the first paragraph of “Olm, Megolm — What’s the deal?”, you say that olm is used in one-to-one chats, and megolm is used in group chats. In fact, megolm is used even in one-to-one chats; Matrix doesn’t have the same distinction between one-to-one chats and group chats as XMPP does, and one-to-one chats can become group chats, so we use the same protocol for both.

Regarding the sentence, “The protocol defends against this by requiring the user to generate a new random session whenever a new user joins/leaves the room and/or a certain number of messages has been sent, whereby the window of possibly compromised messages gets limited to a smaller number”, megolm sessions are also rotated after a certain amount of time. The suggested number of messages or time after which megolm sessions are rotated is configurable per-room, and if you want to avoid having the same key decrypt multiple messages, you could set it so that the megolm session is rotated for every message.

About “On the pro side of things, trust management has been simplified as the user basically just has to decide whether or not to trust each group member instead of each participating device – reducing the complexity from a multiple of n down to just n”, megolm still encrypts to each device separately, so you still need to trust each device separately. We are currently working on cross-signing (https://github.com/matrix-org/matrix-doc/pull/1756) in order to solve this issue, but it is not complete yet.

Again, thank you for your blog post.
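The rotation behaviour described in the reply (a megolm session retired after a configurable number of messages or a configurable age, down to one session per message) can be modelled in a few dozen lines. The following is an added example, not code from the reply's author or from the Matrix/libolm projects: it replaces the real four-part megolm ratchet with a single HMAC chain, and while the policy field names `rotation_period_msgs` and `rotation_period_ms` are those of the Matrix room encryption event, the defaults and every class name below are assumptions for this illustration. It shows two things a reviewer of the scheme cares about: how the per-room policy decides when a fresh session is created, and why a ratchet state captured mid-session yields the keys of later messages in that session but not earlier ones, so the rotation interval is exactly the exposure window.

```python
"""Toy model of megolm-style outbound sessions and per-room rotation.

Constructed illustration only: the real megolm ratchet is a four-part
HMAC-SHA256 construction with signed messages; one HMAC chain is enough
to show why rotating sessions bounds the window of exposed messages.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional


# Field names follow the Matrix room encryption event; the default values
# here are assumptions chosen for the example, not the project's defaults.
@dataclass(frozen=True)
class RotationPolicy:
    rotation_period_msgs: int = 100
    rotation_period_ms: int = 7 * 24 * 60 * 60 * 1000


def advance(ratchet: bytes) -> bytes:
    """One-way step of the chain: the previous state cannot be recovered."""
    return hmac.new(ratchet, b"advance", hashlib.sha256).digest()


def message_key(ratchet: bytes) -> bytes:
    """Key for the message at the chain's current position."""
    return hmac.new(ratchet, b"message-key", hashlib.sha256).digest()


def derive_keys_from(ratchet: bytes, count: int) -> List[bytes]:
    """What someone holding `ratchet` can compute: this and later message keys."""
    keys = []
    for _ in range(count):
        keys.append(message_key(ratchet))
        ratchet = advance(ratchet)
    return keys


@dataclass
class OutboundSession:
    session_id: str
    ratchet: bytes
    created_ms: int
    index: int = 0


@dataclass(frozen=True)
class SentMessage:
    session_id: str
    index: int
    key: bytes  # the per-message key a recipient device would use


class Sender:
    """Encrypting side: owns the current session and applies the policy."""

    def __init__(self, policy: RotationPolicy):
        self.policy = policy
        self.session: Optional[OutboundSession] = None
        self.sessions_created = 0

    def _needs_rotation(self, now_ms: int) -> bool:
        s = self.session
        if s is None:
            return True
        if s.index >= self.policy.rotation_period_msgs:
            return True  # message-count limit reached
        return now_ms - s.created_ms >= self.policy.rotation_period_ms  # age limit

    def _new_session(self, now_ms: int) -> None:
        # Fresh random session id and ratchet seed; unrelated to the old one.
        self.session = OutboundSession(os.urandom(8).hex(), os.urandom(32), now_ms)
        self.sessions_created += 1

    def send(self, now_ms: int) -> SentMessage:
        if self._needs_rotation(now_ms):
            self._new_session(now_ms)
        s = self.session
        msg = SentMessage(s.session_id, s.index, message_key(s.ratchet))
        s.ratchet = advance(s.ratchet)
        s.index += 1
        return msg


def exposure_window(log: List[SentMessage], session_id: str, from_index: int) -> List[SentMessage]:
    """Messages readable by whoever captured the ratchet of `session_id` at `from_index`."""
    return [m for m in log if m.session_id == session_id and m.index >= from_index]


if __name__ == "__main__":
    # Constructed run: rotate every 3 messages, ignore the age limit.
    sender = Sender(RotationPolicy(rotation_period_msgs=3, rotation_period_ms=10_000))
    log = [sender.send(now_ms=1_000 * i) for i in range(7)]
    print("sessions used:", sender.sessions_created)  # 3
    print("exposed by a capture at message 4:", len(exposure_window(log, log[4].session_id, 1)))  # 2
```

Setting `rotation_period_msgs=1` in the policy reproduces the per-message rotation the reply mentions: every `SentMessage` then carries a distinct session id and `exposure_window` never exceeds one message, at the cost of a new session to distribute to every device before each message.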