Skip to content

MSC1973: Hash Key User ID#1973

Open
Zolmeister wants to merge 1 commit intomatrix-org:old_masterfrom
Zolmeister:master
Open

MSC1973: Hash Key User ID#1973
Zolmeister wants to merge 1 commit intomatrix-org:old_masterfrom
Zolmeister:master

Conversation

@Zolmeister
Copy link

@Zolmeister Zolmeister commented Apr 24, 2019
edited
Loading

Hash Key User ID

Trust-less federation of client keys via hash in User ID.

Proposal

During signature verification, if the User ID matches the following pattern: [a-z2-7]{16}//

Then decode it as: base32(SHA3-PREFIX)//

Where:

  • SHA3-PREFIX is first 80 bits of the SHA3-256 of the users public key
  • // is the 'magic string' identifier to differentiate from normal User IDs

Verify that the SHA3 hash matches for all given signatures.

e.g.

"signatures": {
  "@xmh57jrzrnw6insl//:example.com": {
    "ed25519:JLAFKJWSCS": "dSO80A01XiigH3uBiDVx/EjzaoycHcjq9lfQX0uWsqxl2giMIiSPR8a4d291W1ihKJL/a+myXS367WT6NAIcBA"
  }
}

This scheme is inspired by Tor rend-spec v2.

This addresses 13.11.2 Device verification.

Tradeoffs

Another solution would be to embed the Ed25519 key in the User ID, a la Tor rend-spec v3. However this would not support other key types and is much longer.

Potential issues

This requires clients to synchronize their keys across devices, which can be dangerous.

There is potential for conflicts with legitimate user names, however the // 'magic string' exists to mitigate this to some extent.

The // magic string might trip-up client parsing (maybe?), alternatives could be --, ==, .., etc.

Security considerations

80 bits is probably sufficient (see Tor) to prevent impersonation. Keep in mind that a collision must be found while also generating a valid private key.

Conclusion

This proposal allows the use of untrustworthy federation servers without manually verifying device lists and keys.

Signed-off-by: Zolmeister zolikahan@gmail.com

@Zolmeister Zolmeister changed the title MSC0000: Hash Key User ID MSC1973: Hash Key User ID Apr 24, 2019
@Zolmeister
proposal: Hash Key User ID
f63882a 
Signed-off-by: Zolmeister <zolikahan@gmail.com>
@turt2live turt2live added proposal A matrix spec change proposal proposal-in-review labels Apr 24, 2019
@turt2live turt2live added the kind:feature MSC for not-core and not-maintenance stuff label Apr 20, 2020
@turt2live turt2live added the needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. label Jun 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind:feature MSC for not-core and not-maintenance stuff needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Zolmeister @turt2live