MSC2241: Key verification in DMs #2241
Conversation
uhoreg
changed the title
|
@mscbot fcp merge |
|
Team member @uhoreg has proposed to merge this. The next step is review by the rest of the tagged people: Concerns:
Once at least 75% of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
mscbot
added
proposed-final-comment-period
uhoreg
changed the title
|
|
||
| Users might have multiple Direct Messaging rooms with other users. In this | ||
| case, clients will need to prompt the user to select the room in which they | ||
| want to perform the verification. |
There was a problem hiding this comment.
Presumably this works fine if a client gets a key verification method via a non-DM room? One of the things with the current canonical DM proposal is that it doesn't actually guarantee there will be a single DM room at any given point (given glare and upgrading rooms and servers not agreeing etc)
There was a problem hiding this comment.
Yes, nothing here actually requires the room to be a DM, but clients should use a DM to avoid cluttering unrelated rooms.
There was a problem hiding this comment.
One of the things with the current canonical DM proposal is that it doesn't actually guarantee there will be a single DM room at any given point (given glare and upgrading rooms and servers not agreeing etc)
This is a bug in the proposal intending to be fixed. There will only ever be one DM by the time the proposal gets merged.
| visible to other users in the room. However, key verification does not rely on | ||
| secrecy, so this will no affect the security of the key verification. This may | ||
| reveal to others in the room that Alice and Bob know each other, but this is | ||
| already revealed by the fact that they share a Direct Messaging room. |
There was a problem hiding this comment.
Does this mean that clients have to be careful to ignore key verification messages not "directed" at them? Is there a situation where the DMness of a room is inconsistent between servers? E.g. you are in a 3-way room that the one of the other participants thinks is a DM room, but you don't, what happens?
There was a problem hiding this comment.
I think that clients should be able to respond to requests in non-DM rooms. So if clients don't agree on which rooms are DM, it should still work. If you try to do a verification in Matrix HQ, you'll just annoy everyone and someone will tell you to do it elsewhere.
Co-Authored-By: Kitsune Ral <Kitsune-Ral@users.sf.net> Co-Authored-By: David Baker <dbkr@users.noreply.github.com>
|
well, as @deepbluev7 pointed out, I was being a massive crank, so @mscbot fcp merge |
|
An FCP proposal is already in progress. |
| started | ||
| - `method`: the key verification method that is being used. This should be a | ||
| method that both Alice's and Bob's devices support. | ||
| - `from_device`: The user's device ID. |
There was a problem hiding this comment.
Why do we need a three-way handshake? Once Alice starts that verification why does Bob need a m.key.verification.ready? Can he not just jump to m.key.verification.start?
There was a problem hiding this comment.
It allows negotiating a common set of methods and then picking your preferred one. A client needs to send all methods it supports in start, but it may prefer a specific one, if supported. Then the other client can reply with the ones it prefers in "ready" and then the first client can choose its preferred method. If you reduce that to 2 steps, Either the first client sends it preferred methods instead of all of them, which may lead to no matching methods or it the second client picks one that is suboptimal for the first clients screen. Having 3 steps avoids that pretty much.
There was a problem hiding this comment.
I see. Would it make sense to make that a bit more clear? It may be helpful to prove a high-level overview of the flow somewhere. Maybe the following can be inserted:
At a high level a successful verification looks like this:
- Alice sends a
m.room.messageevent to the room specifying the target and includes supported methods and a fallback message for clients lacking support. - Bob accepts the verification request with a
m.key.verification.readyevent and includes their supported methods. - Either Alice or Bob selects a method and initiates the verification with a
m.key.verification.startevent. - Verification proceeds according to the selected method.
- Both Alice and Bob send a
m.key.verification.doneevent.
I think this gives a quick overview and can help speeding up the rest of the concrete details.
There was a problem hiding this comment.
The reasoning for m.key.verification.ready is given in #2366 so I don't think we need to repeat it here.
|
I've decoupled this MSC from the aggregations MSC by just saying that we're basing the property shape on what the aggregations MSC currently says, but we're going to be independent. If the aggregations MSC changes the property shape in the future, and we really want to re-sync, then we can introduce a new MSC to do so. So... @mscbot resolve The question of m.relationship vs m.relates_to in MSC1849 should be resolved. |
|
Unknown concern 'The question of m.relationship vs m.relates_to in MSC1849 should be resolved.'. |
|
🔔 This is now entering its final comment period, as per the review above. 🔔 |
mscbot
added
final-comment-period
|
(Concern resolved manually) |
|
The final comment period, with a disposition to merge, as per the review above, is now complete. |
mscbot
added
finished-final-comment-period
and removed
disposition-merge
final-comment-period
turt2live
added
spec-pr-missing
turt2live
added
spec-pr-in-review
|
Merged! 🎉 |
uhoreg
added
merged
|
For posterity, I've written #3267 to define how relations are used in this MSC (e.g. rel_type of m.reference) |
MSC2241: Key verification in DMs
MSC2241: Key verification in DMs
Rendered
Fixes element-hq/element-web#10493