MSC1711: X.509 certificate verification for federation connections #1711

Merged
merged 9 commits into from Jan 13, 2019


@richvdh
Member

richvdh commented Nov 7, 2018

@richvdh richvdh changed the title from "proposal for requiring signed certs for federation" to "MSC1711: X.509 certificate verification for federation connections" Nov 7, 2018

@ara4n

Member

ara4n commented Nov 8, 2018

This generally looks good to me, although it's a bit sad that people who have got used to self-signed certs magically working (like me on arasphere) will be forced to pull their LE lives together.

Is there any way to (optionally) fall back to tofu when you see a self-signed cert? (asking somewhat rhetorically, given it feels it makes it too easy for an attacker to MITM new connections to servers via a self-signed cert)

@jevolk

Contributor

jevolk commented Nov 8, 2018

related #1685

@richvdh

Member

richvdh commented Dec 6, 2018

Note for anyone reading this: we see #1708 as a pre-requisite. It is fair to say that #1708 has had a less than rapturous reception.

richvdh added some commits Jan 7, 2019

Remove .well-known section
This really belongs in MSC1708.

@richvdh

Member

richvdh commented Jan 7, 2019

right, I have updated this, and moved out the MSC1708 section because really that belongs to MSC1708. Everyone seems to be basically on board with the principle of this MSC, so I'm going to propose a FCP.

@mscbot fcp merge

@mscbot

Collaborator

mscbot commented Jan 7, 2019

Team member @richvdh has proposed to merge this. The next step is review by the rest of the tagged teams:

No concerns currently listed.

Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

@ara4n

Member

ara4n commented Jan 8, 2019

/me wonders if there was any merit to his comment:

> Is there any way to (optionally) fall back to tofu when you see a self-signed cert? (asking somewhat rhetorically, given it feels it makes it too easy for an attacker to MITM new connections to servers via a self-signed cert)

@ara4n

Member

ara4n commented Jan 8, 2019

answer: the problem is that even if you publish a self-signed cert, it needs the other servers in the rooms to agree to do tofu. if they don't, then it all fails. so this would effectively need all servers to do tofu, which unless you know up front all the servers who connect to you (i.e. private federation), means everyone has to do tofu, at which point it's not optional any more.
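The reasoning in the comments above, modelled as an added example (not part of the thread or of the MSC): it shows which server-to-server links break when only some servers opt in to TOFU, and what a TOFU client pins if an on-path attacker answers its first connection. The `tofu_fallback` flag is a hypothetical policy switch, and the server names and fingerprints are constructed.

```python
# Added illustration; the policy flag and all names/fingerprints are constructed.
from dataclasses import dataclass, field
from itertools import permutations

@dataclass
class Server:
    name: str
    cert_fp: str                 # fingerprint of the cert it presents (constructed)
    ca_signed: bool              # cert chains to a CA the peers trust
    tofu_fallback: bool = False  # hypothetical opt-in: pin self-signed certs on first use
    pins: dict = field(default_factory=dict)  # peer name -> pinned fingerprint

def accepts(client, peer_name, presented_fp, ca_signed):
    """Would `client` accept a TLS peer claiming `peer_name` with this cert?"""
    if ca_signed:
        return True              # stands in for successful X.509 path + name validation
    if not client.tofu_fallback:
        return False             # strict verifier: self-signed is always rejected
    # TOFU: the first certificate seen for a name is pinned, whoever sent it.
    return client.pins.setdefault(peer_name, presented_fp) == presented_fp

def broken_links(room):
    """Directed (client, server) pairs in a room that cannot connect."""
    return [(c.name, s.name) for c, s in permutations(room, 2)
            if not accepts(c, s.name, s.cert_fp, s.ca_signed)]

def first_contact_mitm(client, victim, attacker_fp):
    """An on-path attacker answers the client's first connection to `victim`."""
    hijacked = accepts(client, victim.name, attacker_fp, ca_signed=False)
    real_still_ok = accepts(client, victim.name, victim.cert_fp, victim.ca_signed)
    return hijacked, real_still_ok

def demo():
    a = Server("a.example", "fp-a", ca_signed=True)                       # strict
    b = Server("b.example", "fp-b", ca_signed=True, tofu_fallback=True)
    c = Server("c.example", "fp-c", ca_signed=False, tofu_fallback=True)  # self-signed
    links = broken_links([a, b, c])
    d = Server("d.example", "fp-d", ca_signed=True, tofu_fallback=True)   # new joiner
    return links, first_contact_mitm(d, c, "fp-attacker")

if __name__ == "__main__":
    print(demo())   # one strict peer cannot reach c; d pins the attacker's cert
```

A single strict server in the room is enough to leave the self-signed server unreachable from it, and a TOFU client that meets the attacker first then rejects the genuine certificate.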

@mscbot

Collaborator

mscbot commented Jan 8, 2019

🔔 This is now entering its final comment period, as per the review above. 🔔

@richvdh richvdh added the r0 P1 label Jan 8, 2019

@richvdh richvdh added this to Holding pen in Backend Core Team via automation Jan 8, 2019

@richvdh richvdh moved this from Holding pen to Review in Backend Core Team Jan 8, 2019

@richvdh richvdh self-assigned this Jan 8, 2019

@mscbot

Collaborator

mscbot commented Jan 13, 2019

The final comment period, with a disposition to merge, as per the review above, is now complete.

@turt2live turt2live merged commit 87bb1a6 into master Jan 13, 2019

Backend Core Team automation moved this from Review to Done - Operations Jan 13, 2019

@neilisfragile neilisfragile moved this from Done - Operations to Done - Planned Project in Backend Core Team Jan 16, 2019

@neilisfragile neilisfragile added this to To Do in Jan 2019 s2s r0 via automation Jan 16, 2019

@neilisfragile neilisfragile moved this from To Do to Done in Jan 2019 s2s r0 Jan 16, 2019

@neilisfragile neilisfragile moved this from Done to To be added to spec in Jan 2019 s2s r0 Jan 16, 2019

@richvdh richvdh removed their assignment Jan 17, 2019