Evaluate Matrix Spec for changes regarding encrypted attachments

Problem

Currently, the specification for sending encrypted attachments describes a bespoke mechanism to encrypt media, including AES-CTR, JSON Web Keys and hashes of the cipertext. As a rather low hanging fruit, we can ensure future stability and soundness using established authenticating ciphers, for example. We might also want to specify that media inside normal messages is always encrypted.

Goal

Evaluate whether we can improve the Matrix specification to better fit our security goals.

ACs

• Continous: Consider feedback from the community, eg. other MSCs
• Initial evaluation of the problem space as an ADR
• (Followup) ADR / Draft MSC written

Notes/ resources

• Comment by dkasak on MSC4016: Streaming E2EE file transfers with random access, suggesting not using a custom construction for streaming upload but rather the established STREAM
• Attachment requirements uIDs: Zapuk_17; Zapuk_18; Zapuk_38; Zapuk_115; Zapuk_117

Who needs to be involved / informed

• reviewers: PO
• involved: Architecture, Dev
• informed: