An open protocol can mandate indeed, but that is still in the realm of pinky promise security. A better design for a privacy-friendly chat protocol is to not write a lot of stuff on a lot of different remote servers when that's not necessary IMHO. One of matrix's selling points is to be censorship-proof though; in that case copying stuff as much as possible makes a lot more sense.

A protocol can only support, never mandate. If I send you "DELETE MSG #4829" and you do nothing and reply with "200 OK; DELETE MSG #4829", nobody observing the protocol's messages will ever know what happened. Sure, an omniscent being could say "but he internally broke protocol, he didn't delete the message!", but by definition if something cannot be verified inside the protocol, it is outside of protocol.

True, and Matrix has the weaker version of the feature: https://spec.matrix.org/v1.16/client-server-api/#redactions It should absolutely work in normal situations across all servers and most all clients.

People should related to anything federated like email. If you send something it is in someone else's computer now. With matrix or any e2ee protocols it is depending on pinky promise of the client to modify it. I thought the whole Snapchat fiasco already taught us that. Did we forget?