|
|
|
|
@ -1,13 +1,12 @@
|
|
|
|
|
# Proposal to restrict allowed user IDs over federation
|
|
|
|
|
Currently the spec has [an appendice specifying allowed user ID grammar](https://matrix.org/docs/spec/appendices#user-identifiers).
|
|
|
|
|
Currently the spec has [an appendix specifying allowed user ID grammar](https://matrix.org/docs/spec/appendices#user-identifiers).
|
|
|
|
|
The spec makes it seem like user IDs can only consist of printable ASCII
|
|
|
|
|
characters, excluding space and `:`. However, the user ID grammar is not
|
|
|
|
|
actually a part of the event authorization rules, meaning most server
|
|
|
|
|
implementations will accept user IDs with arbitrary unicode characters.
|
|
|
|
|
|
|
|
|
|
Synapse, Construct and Dendrite will accept arbitrary unicode, while Conduit
|
|
|
|
|
believed the spec appendice and is therefore unable to join rooms with users
|
|
|
|
|
whose user IDs contain characters not allowed by the historical user ID grammar.
|
|
|
|
|
Synapse and Dendrite will accept arbitrary unicode, while Construct and Conduit
|
|
|
|
|
believed the spec appendix.
|
|
|
|
|
|
|
|
|
|
## Proposal
|
|
|
|
|
The proposed solution is applying the historical user ID grammar in step 5 of
|
|
|
|
|
@ -23,7 +22,7 @@ the room v1 event authorization rules. A new step is added between 5.a. and 5.b.
|
|
|
|
|
The changes are applied on top of room v6.
|
|
|
|
|
|
|
|
|
|
## Note about the user ID grammar spec
|
|
|
|
|
The user ID grammar spec appendice needs to be updated to mention that room
|
|
|
|
|
The user ID grammar spec appendix needs to be updated to mention that room
|
|
|
|
|
versions prior to this new version can contain arbitrary unicode user IDs,
|
|
|
|
|
so clients and servers must be able to handle such users.
|
|
|
|
|
|
|
|
|
|
|
Tulir Asokan
4 years ago