Merge pull request #1596 from uhoreg/e2e_sessions

specify how to handle multiple olm sessions with the same device
6 years ago · 0130620cc1
parent a46783eb24 9d0fec3645
commit 0130620cc1
2 changed files with 7 additions and 0 deletions
--- a/changelogs/client_server/newsfragments/1596.clarification
+++ b/changelogs/client_server/newsfragments/1596.clarification
@ -0,0 +1 @@
+specify how to handle multiple olm sessions with the same device
--- a/specification/modules/end_to_end_encryption.rst
+++ b/specification/modules/end_to_end_encryption.rst
@ -391,6 +391,12 @@ this check, a client cannot be sure that the sender device owns the private
 part of the ed25519 key it claims to have in the Olm payload.
 This is crucial when the ed25519 key corresponds to a verified device.

+If a client has multiple sessions established with another device, it should
+use the session from which it last received a message.  A client may expire old
+sessions by defining a maximum number of olm sessions that it will maintain for
+each device, and expiring sessions on a Least Recently Used basis.  The maximum
+number of olm sessions maintained per device should be at least 4.
+
 ``m.megolm.v1.aes-sha2``
 ~~~~~~~~~~~~~~~~~~~~~~~~
				`@ -0,0 +1 @@`
				`specify how to handle multiple olm sessions with the same device`