
Any scenario where the keys are now in unfriendly hands: without PFS, they now get to read any previous data encrypted with those keys, for example because they've snooped the encrypted data and been keeping it for just such an opportunity.
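
The scenario in the comment above, as an added example that is not part of the thread: recorded ciphertext is opened after a key compromise when one static key was used, but not when each message key came from a one-way hash ratchet whose old state was discarded. The ratchet is a generic construction (not Matrix's Megolm code), the HMAC-based cipher is a toy for the demo, and all keys and messages are constructed.

```python
import hashlib
import hmac

MESSAGES = [b"msg one", b"msg two", b"msg three"]  # constructed sample traffic

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation: HMAC-SHA256(key, label)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher for the demo only: HMAC-SHA256 in counter mode.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = kdf(key, b"ks" + (i // 32).to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = xor_stream(kdf(key, b"enc"), plaintext)
    return ct + kdf(kdf(key, b"mac"), ct)          # encrypt-then-MAC

def unseal(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(kdf(key, b"mac"), ct)):
        return None                                # wrong key or tampered
    return xor_stream(kdf(key, b"enc"), ct)

class Ratchet:
    """Hash ratchet: each step yields a message key and overwrites the chain key."""
    def __init__(self, chain: bytes):
        self.chain = chain
    def next_key(self) -> bytes:
        msg_key = kdf(self.chain, b"msg")
        self.chain = kdf(self.chain, b"chain")     # previous state is gone
        return msg_key

def try_keys(keys, blob):
    for k in keys:
        plain = unseal(k, blob)
        if plain is not None:
            return plain
    return None

def demo():
    static_key = hashlib.sha256(b"constructed static key").digest()
    sender = Ratchet(hashlib.sha256(b"constructed root key").digest())
    rec_static = [seal(static_key, m) for m in MESSAGES]          # snooped and stored
    rec_ratchet = [seal(sender.next_key(), m) for m in MESSAGES]  # snooped and stored
    # Compromise happens now: static_key and the current chain key leak.
    thief = Ratchet(sender.chain)
    stolen = [sender.chain] + [thief.next_key() for _ in MESSAGES]
    return ([unseal(static_key, c) for c in rec_static],
            [try_keys(stolen, c) for c in rec_ratchet])
```
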


Just a day or two ago some Matrix fan here proudly told me how great e2ee is implemented in Matrix, that they encode all data on a server with your current password.

So first you implement an e2ee protocol with PFS, then make a hole in your security to make using it a little less inconvenient. Good job!


> Just a day or two ago some Matrix fan here proudly told me how great e2ee is implemented in Matrix, that they encode all data on a server with your current password.

Matrix doesn't encode all data on the server with your current password.

Messages are encrypted through keys according to MEGOLM.

If the user chooses, keys can be encrypted using a security key, either generated randomly or derived from a password.



