-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC1544: Key verification using QR codes #1544
Conversation
Can we not reuse the "Interactive Key Verification" method, and simply have the QR code used to set the user and device that is being verified? |
Possibly, but if we're scanning a QR code, it doesn't inconvenience the user to also throw in the key data. Also, the interactive key verification is more complicated, and so people may implement this before implementing the other. |
My main concern is basically being able to reuse the same method for other QR code style mechanisms, but I take your point. I was hoping that we could split up IKV into two steps or something, so that you could reuse some of it when you already had a shared secret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
seems sane - let's see what the implementation comes up with
🔔 This is now entering its final comment period, as per the review above. 🔔 |
@@ -0,0 +1,375 @@ | |||
Bi-directional Key verification using QR codes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While soru knows that she isn't part of the spec core team she is concerned that this isn't addressed properly. Without having more ping-pong game going around to actually know what is going on key verification is not future-proof for when new methods come around.
Soru has discussed alternatives of how the exact same UX could be implemented, with the only difference being that, well, it is future proof.
Just re-iterating this as the MSC is enting FCP and that is something that the spec core team should probably take into consideration.
Co-authored-by: David Baker <dbkr@users.noreply.github.com>
The final comment period, with a disposition to merge, as per the review above, is now complete. |
This has finished FCP and we've talked about the contentious points extensively in the #matrix-spec:matrix.org room - see those threads for details on their conclusion. As such, this MSC is landing as-is though can't be converted to spec until #2366 also lands. It is my intention to propose 2366 for the spec core team's focus for the coming week. We don't really have a label state for this sort of case, so I'm just going to leave it in finished-fcp until 2366 is landed too. |
Merged! 🎉 |
Rendered: https://github.com/uhoreg/matrix-doc/blob/qr_key_verification/proposals/1543-qr_code_key_verification.md