So, cryptographic login (i.e. consolidating login password and recovery passphrase) is a fairly challenging task, which is why we descoped it from E2EE-by-default. For instance, we need to make sure we don't break clients which don't want to do cryptographic login (e.g. Riot single-sign-on, or those who don't support E2EE). We also need to make sure that users can reset and rotate their passwords without losing their E2EE history. We'd also have to completely rewrite the registration/login process in Riot (again). We can't commit to timings on it, but based on the feedback from E2EE-by-default it'll be pretty high on the todo list.
TOFU is much easier, and hopefully we can sort it out as part of incremental fixes having now gone live. We almost snuck it in before release, but it'd have pushed things out even further. https://github.com/vector-im/riot-web/issues/12719 is the bug to follow here.
But yup, these will be the difference between today's 1.0 and an (even) better UX.
So, cryptographic login (i.e. consolidating login password and recovery passphrase) is a fairly challenging task, which is why we descoped it from E2EE-by-default. For instance, we need to make sure we don't break clients which don't want to do cryptographic login (e.g. Riot single-sign-on, or those who don't support E2EE). We also need to make sure that users can reset and rotate their passwords without losing their E2EE history. We'd also have to completely rewrite the registration/login process in Riot (again). We can't commit to timings on it, but based on the feedback from E2EE-by-default it'll be pretty high on the todo list.
TOFU is much easier, and hopefully we can sort it out as part of incremental fixes having now gone live. We almost snuck it in before release, but it'd have pushed things out even further. https://github.com/vector-im/riot-web/issues/12719 is the bug to follow here.
But yup, these will be the difference between today's 1.0 and an (even) better UX.