Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MSC1973: Hash Key User ID #1973

Open
wants to merge 1 commit into
base: old_master
Choose a base branch
from
Open

MSC1973: Hash Key User ID #1973

wants to merge 1 commit into from

Conversation

Zolmeister
Copy link

@Zolmeister Zolmeister commented Apr 24, 2019
edited
Loading

Hash Key User ID

Trust-less federation of client keys via hash in User ID.

Proposal

During signature verification, if the User ID matches the following pattern: [a-z2-7]{16}//

Then decode it as: base32(SHA3-PREFIX)//

Where:

  • SHA3-PREFIX is first 80 bits of the SHA3-256 of the users public key
  • // is the 'magic string' identifier to differentiate from normal User IDs

Verify that the SHA3 hash matches for all given signatures.

e.g.

"signatures": {
  "@xmh57jrzrnw6insl//:example.com": {
    "ed25519:JLAFKJWSCS": "dSO80A01XiigH3uBiDVx/EjzaoycHcjq9lfQX0uWsqxl2giMIiSPR8a4d291W1ihKJL/a+myXS367WT6NAIcBA"
  }
}

This scheme is inspired by Tor rend-spec v2.

This addresses 13.11.2 Device verification.

Tradeoffs

Another solution would be to embed the Ed25519 key in the User ID, a la Tor rend-spec v3. However this would not support other key types and is much longer.

Potential issues

This requires clients to synchronize their keys across devices, which can be dangerous.

There is potential for conflicts with legitimate user names, however the // 'magic string' exists to mitigate this to some extent.

The // magic string might trip-up client parsing (maybe?), alternatives could be --, ==, .., etc.

Security considerations

80 bits is probably sufficient (see Tor) to prevent impersonation. Keep in mind that a collision must be found while also generating a valid private key.

Conclusion

This proposal allows the use of untrustworthy federation servers without manually verifying device lists and keys.

Signed-off-by: Zolmeister zolikahan@gmail.com

@Zolmeister Zolmeister changed the title MSC0000: Hash Key User ID MSC1973: Hash Key User ID Apr 24, 2019
@Zolmeister
proposal: Hash Key User ID
f63882a 
Signed-off-by: Zolmeister <zolikahan@gmail.com>
@turt2live turt2live added proposal A matrix spec change proposal proposal-in-review labels Apr 24, 2019
@turt2live turt2live added the kind:feature MSC for not-core and not-maintenance stuff label Apr 20, 2020
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Zolmeister @turt2live