Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
MSC2241: key verification in DMs #2241
Team member @uhoreg has proposed to merge this. The next step is review by the rest of the tagged people:
Once at least 75% of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!
See this document for info about what commands tagged team members can give me.
Some use case came up that currently isn't supported by this MSC.
In Riot, we want to always choose QR verification when accepting a verification request, so the client can show the QR code right after accepting without asking the user for a verification method. If the users can meet in person, they just have to scan the code and be done. If the users can't meet in person, they can hit a button to use SAS verification and continue that way.
One way of supporting this flow would be to accept the request twice: first with QR as a method, and then again with SAS as a method. The MSC doesn't say whether or not accepting a request multiple times is supported or not, but this feels like it is something that should probably be specified here.
Also, I don't think the requesting user can reliably tell which
Another way of supporting this could be to introduce an additional event (e.g.
Then, if either client scans the QR code, it accepts the request with the QR method. This would mean that now also the party that sent the original verification request can also accept the request.
What do you think would be the cleanest way to support this @uhoreg ?