-
-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
e2ee/device verification: clarifications #1830
base: main
Are you sure you want to change the base?
e2ee/device verification: clarifications #1830
Conversation
Most of the "Error and exception handling" section is generally applicable to other verification methods besides SAS, so I moved those bullet points under "Key verification framework". Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
It used to be possible to create a start request without a request, but this was deprecated. Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
It can be either a to-device event or an in-room event. Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
fa53f58
to
b8808ca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this, and thanks for structuring it in a way that makes it easy to review!
- When a device receives an unknown `transaction_id`, it should send an | ||
appropriate `m.key.verification.cancel` message to the other device | ||
indicating as such. This does not apply for inbound | ||
`m.key.verification.request` or `m.key.verification.cancel` messages. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just checked, and the spec still allows verifications to start with m.key.verification.start
:
When verifying using to-device messages, an m.key.verification.start message can also be sent independently of any request, specifying the verification method to use. This behaviour is deprecated, and new clients should not begin verifications in this way. However, clients should handle such verifications started by other clients.
in https://spec.matrix.org/unstable/client-server-api/#key-verification-framework (second-last paragraph before https://spec.matrix.org/unstable/client-server-api/#mroommessagemkeyverificationrequest).
So this sentence should allow unknown transaction_id
for m.key.verification.request
, m.key.verification.start
, and m.key.verification.cancel
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can only initiate the verification with a .start
if it's done using to-device messages. (Confusing, I know.) So the "Required when sent as an in-room message" for m.relates_to
is still correct.
…amework Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
…amework Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
…amework Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
…amework Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
…amework Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
…amework Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
…amework Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
3aad3c5
to
55375f4
Compare
…amework Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
This commit changes the format of all links in the Device Verification section to be: [`m.key.verification.whatever`](#mkeyverificationwhatever) This involved adding links in a bunch of places, but also changing many links that did not have code within them to have the backticks. Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
17f9944
to
b87ffa6
Compare
Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
…n_id or m.relates_to Add notes about the fact that the start event *may* be the first event sent during a verification process and that clients should handle other clients doing so, but not themselves send the start event first. Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
Suddenly there's an awful lot changing in this PR, and it's quite hard to review... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. A few nits.
this example, Bob's device sends the `m.key.verification.start`, Alice's device | ||
could also send that message. As well, the order of the | ||
`m.key.verification.done` messages could be reversed. | ||
send [`m.key.verification.request`](#mkeyverificationrequest) events to all of |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For what it's worth, it's not obvious to me that making every single reference to an event into a hyperlink improves readability - as long as the first reference is a hyperlink, I think that would be fine. (Also, it means that all the text in the section is being reformatted, which makes it very hard to see what's actually changing in the text.)
But given it's done now, I'll not insist on it being changed back.
@@ -4,8 +4,9 @@ allOf: | |||
|
|||
description: |- | |||
Requests a key verification using to-device messaging. When requesting a key | |||
verification in a room, a `m.room.message` should be used, with | |||
[`m.key.verification.request`](#mroommessagemkeyverificationrequest) as msgtype. | |||
verification in a room, a [`m.room.message`](#mroommessage should be used, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
verification in a room, a [`m.room.message`](#mroommessage should be used, | |
verification in a room, a [`m.room.message`](#mroommessage) should be used, |
of his other devices may support the request. Instead, Bob's device should tell | ||
Bob that no supported method was found, and allow him to manually reject the | ||
request. | ||
Upon receipt of Alice's [`m.key.verification.request`](#mkeyverificationrequest) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think linking to #mkeyverificationrequest
incorrectly gives the impression that this only applies to to-device messages:
Upon receipt of Alice's [`m.key.verification.request`](#mkeyverificationrequest) | |
Upon receipt of Alice's `m.key.verification.request` |
[`m.key.verification.request`](#mkeyverificationrequest), | ||
[`m.key.verification.start`](#mkeyverificationstart), or | ||
[`m.key.verification.cancel`](#mkeyverificationcancel) messages. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Again, this applies as much to in-room m.key.verification.request
events as to-device events.
[`m.key.verification.request`](#mkeyverificationrequest), | |
[`m.key.verification.start`](#mkeyverificationstart), or | |
[`m.key.verification.cancel`](#mkeyverificationcancel) messages. | |
`m.key.verification.request`, `m.key.verification.start` or | |
`m.key.verification.cancel` messages. |
@@ -643,8 +655,8 @@ success. A failed attack would result in a mismatched Short | |||
Authentication String, alerting users to the attack. | |||
|
|||
To advertise support for this method, clients use the name `m.sas.v1` in the | |||
`methods` fields of the `m.key.verification.request` and | |||
`m.key.verification.ready` events. | |||
`methods` fields of the [`m.key.verification.request`](#mkeyverificationrequest) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same again
The event ID of the `m.key.verification.request` that this message is | ||
related to. | ||
The event ID of the | ||
[`m.key.verification.request`](#mkeyverificationrequest) that this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[`m.key.verification.request`](#mkeyverificationrequest) that this | |
[`m.key.verification.request`](#mroommessagemkeyverificationrequest) that this |
Note that sending a start event without a request is deprecated, and | ||
clients should not send a start event without first sending a request | ||
event, but clients should handle other clients doing so. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that sending a start event without a request is deprecated, and | |
clients should not send a start event without first sending a request | |
event, but clients should handle other clients doing so. | |
Note that sending a `start` event without a `request` is deprecated, and | |
clients should not send a `start` event without first sending a `request` | |
event, but clients should handle other clients doing so. |
Note that sending a start event without a request is deprecated, and | ||
clients should not send a start event without first sending a request | ||
event, but clients should handle other clients doing so. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that sending a start event without a request is deprecated, and | |
clients should not send a start event without first sending a request | |
event, but clients should handle other clients doing so. | |
Note that sending a `start` event without a `request` is deprecated, and | |
clients should not send a `start` event without first sending a `request` | |
event, but clients should handle other clients doing so. |
Required when sent as an in-room message unless the start event is | ||
sent without a corresponding | ||
[`m.key.verification.request`](#mkeyverificationrequest). | ||
|
||
Indicates the | ||
[`m.key.verification.request`](#mkeyverificationrequest) that this | ||
message is related to. Note that for encrypted messages, this | ||
property should be in the unencrypted portion of the event. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
again, these are linking to the wrong m.key.verification.request
properties: | ||
rel_type: | ||
type: string | ||
enum: | ||
- m.reference | ||
description: |- | ||
The relationship type. Currently, this can only be an | ||
[`m.reference`](/client-server-api/#reference-relations) | ||
relationship type. | ||
event_id: | ||
type: string | ||
description: |- | ||
The event ID of the | ||
[`m.key.verification.request`](#mkeyverificationrequest) that | ||
this message is related to. | ||
type: object | ||
title: VerificationRelatesTo |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should be possible to inherit these, but override the description. Probably something like:
m.relates_to:
allOf:
- $ref: m.key.verification.m.relates_to.yaml
- description: |-
... blah
@sumnerevans are you still interested in working on this? |
e2ee/device verification: move general error handling under framework
Most of the "Error and exception handling" section is generally applicable to other verification methods besides SAS, so I moved those bullet points under "Key verification framework".
e2ee/device verification/error handling: fix typo start -> request
It used to be possible to create a start request without a request, but this was deprecated.
m.key.verification.start: remove wording that it is typically to-device
It can be either a to-device event or an in-room-event.
e2ee/device verification: normalize all links
Changes the format of all links in the Device Verification section to be:
This involved adding links in a bunch of places, but also changing many links that did not have code within them to have the backticks.
e2ee/device verification start: clarify required nature of transaction_id or m.relates_to
Add notes about the fact that the start event may be the first event sent during a verification process and that clients should handle other clients doing so, but not themselves send the start event first.
Signed-off-by: Sumner Evans sumner.evans@automattic.com
Pull Request Checklist
Preview: https://pr1830--matrix-spec-previews.netlify.app