From 02ac0f3b339b7df4db2180a7e690431762382335 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Mon, 24 Jun 2019 11:56:04 +0100 Subject: [PATCH] Give the user control! --- proposals/2134-identity-hash-lookup.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/proposals/2134-identity-hash-lookup.md b/proposals/2134-identity-hash-lookup.md index 9aa5fe7c5..a2b6a26fb 100644 --- a/proposals/2134-identity-hash-lookup.md +++ b/proposals/2134-identity-hash-lookup.md @@ -58,7 +58,7 @@ The name `lookup_pepper` was chosen in order to account for pepper values being returned for other endpoints in the future. Clients should request this endpoint each time before making a `/lookup` or -`/(bulk_)lookup` request, to handle identity servers which may rotate their +`/bulk_lookup` request, to handle identity servers which may rotate their pepper values frequently. An example of generating a hash using the above hash and pepper is as follows: @@ -125,8 +125,9 @@ implementation, and should return a HTTP 404 if so. If an identity server is too old and a HTTP 404, 405 or 501 is received when accessing the `v2` endpoint, they should fallback to the `v1` endpoint instead. -However, clients should be aware that plain-text 3pids are required, and should -ask for user consent accordingly. +However, clients should be aware that plain-text 3pids are required, and MUST +ask for user consent to send 3pids in plain-text, and be clear about where they +are being sent to. ## Tradeoffs