2025-07-02, 14:35–15:10 (Europe/Paris), Amphitheater 122
The French government has deployed a private Matrix federation for French civil servants called Tchap.
Currently this federation has about 300 000 monthly active users and its usage is growing constantly.
Today our federation is closed, and we would like to be able to connect with other public French Matrix nodes (local authorities, for instance) and with other European countries.
We should implement measures to ensure that the federation remains resilient against potential attacks, both technical (e.g., DDoS, data interception) and organizational (e.g., unauthorized access, insider threats):
- How can we restrict the servers we wish to communicate with? How can we be sure that we are actually communicating with them? Since TLS can be vulnerable to man-in-the-middle attacks by state actors, we can't rely on it entirely.
- How can we trust the identities of users from external deployments that we don’t control?
- How can we limit the interactions that external users can have with users from our federation?
We spent a lot of time thinking about this and now have a plan that looks legit, and that we are currently implementing. I'm sure you want to know more about it, right?
In this talk, we will share the approach we’ve taken to address these challenges and we will present the architecture we designed.
I am a Matrix expert working on the Tchap project for the French Interministerial Directorate for Digital Affairs (DINUM).