MSC3790: Register Clients

[xarvic]

Rendered

Signed-off-by: Christoph König jan.christoph.koenig@posteo.net

[turt2live]

Please also sign off on your changes when you get a chance.

[xarvic]

Wow that was quick, thanks for the reply :)

Please also sign off on your changes when you get a chance.

Just by editing the comment?

[turt2live]

Sign off can also be a comment in the PR description using the template:

Signed-off-by: Your Name <email@example.com>

[xarvic]

After reading the MSC again i noticed one problem, that it is not that easy to detect whether two clients are one the same device, since the device_id is actually a client_id. Maybe querying the device name could help?

[uhoreg]

This will only work if the command exists on the computer that your current client is running on. Similarly, if you try to use launch_url on a different computer/browser, then it will create a new session instead of using the existing session, which is presumably what you would want it to do.

[xarvic]

You are right. Is there a way to detect if two clients are on the same device? If so the chat client should probably filter out the rest.

[KitsuneRal]

Strictly speaking, no. Browser sandboxes are actually supposed to prevent web applications from doing that, and application confinement mechanisms like Flatpak normally deny most of insight into the local environment to the application as well.

[uhoreg]

It's not clear why a client would want to "highlight" an event, what it's supposed to do, and how it's related to the rest of this proposal.

[xarvic]

The idea was that by default events just get a small infotext combined with a link to click on like this:

Where as events which have a highlight get a bigger area with icon, header, description and a button. Something like this:

The aim is to distinguish between important and unimportant events so that the user doesn't get spammed.

Do you think this could be useful?

[KitsuneRal]

Still too many loose ends. Who decides which events are important and which are not? Where does this m.event_description event originate from and where is it placed?

[uhoreg]

I don't see why something like that needs to be sent as a separate event.

[uhoreg]

That's not a room ID or alias. How does the client find that room?

[xarvic]

Having a fixed room id is probably best, should i change it to #client_registration:yourhomeserver.com?

[KitsuneRal]

Why a room and not account data, if it's supposed to be private to the user?

[uhoreg]

That's not an ID, that's an alias. Also, that would mean that any homeservers that already have a room with such an alias would get confused clients.

[KitsuneRal]

So far the MSC is very sketchy and has quite a few gaps. The note in "Potential issues" is not completely accurate (the room is private to the user after all) but still provides ample opportunity for lateral propagation of an attack once one device has been compromised, making the suggestion a non-starter without proper security mitigations.

What you're trying to devise is a mechahism for experience hand-over really. Whether the client is running on the same device or not doesn't really matter - I might want to open some event on a desktop while running through the feed on a mobile phone, e.g. You really shouldn't deal with application invocation - it's a big security can of worms (have you heard of Windows OLE? You're half-way reinventing it for Matrix) and there are plenty of things in operating systems - think XDG specifications on Linux, e.g. - that are aimed at doing exactly that, with proper safeguards and local context.

That said, I think that advertising support of certain event types across devices of a user has some promise. I'd be interested to see an MSC focusing specifically on this - e.g., with a client at a certain device id claiming support of certain event types and other clients of the user unhiding these events even if they are unknown locally and hinting at the user's device(s) that can show them. This is a more compact and less controversial function.

[KitsuneRal]

You should have used matrix: URIs here instead of inventing yet another URI scheme.

[KitsuneRal]

Why a room and not account data, if it's supposed to be private to the user?

[KitsuneRal]

This needs explanation - I don't see how using environment variables helps the case you mentioned. Besides, environment variables are used to pass external configuration at the start of the application. You can't really pass environment variables to an already running application unless you have some inter-process communication mechanism around - and if you have one, why use environment variables...

[KitsuneRal]

Still too many loose ends. Who decides which events are important and which are not? Where does this m.event_description event originate from and where is it placed?

[xarvic]

So far the MSC is very sketchy and has quite a few gaps. The note in "Potential issues" is not completely accurate (the room is private to the user after all) but still provides ample opportunity for lateral propagation of an attack once one device has been compromised, making the suggestion a non-starter without proper security mitigations.

What you're trying to devise is a mechahism for experience hand-over really. Whether the client is running on the same device or not doesn't really matter - I might want to open some event on a desktop while running through the feed on a mobile phone, e.g. You really shouldn't deal with application invocation - it's a big security can of worms (have you heard of Windows OLE? You're half-way reinventing it for Matrix) and there are plenty of things in operating systems - think XDG specifications on Linux, e.g. - that are aimed at doing exactly that, with proper safeguards and local context.

Thanks, for your input. I took a look at OLE and XDG. You are right. This is what I wanted to have. But yes, i see the problem.

That said, I think that advertising support of certain event types across devices of a user has some promise. I'd be interested to see an MSC focusing specifically on this - e.g., with a client at a certain device id claiming support of certain event types and other clients of the user unhiding these events even if they are unknown locally and hinting at the user's device(s) that can show them. This is a more compact and less controversial function.

Maybe i will try that.