From 26f8aed7a8540332d2fc95ff241010d0629a882d Mon Sep 17 00:00:00 2001 From: Denis Kasak Date: Thu, 25 Apr 2024 13:32:59 +0200 Subject: [PATCH] Add rational paragraph. --- proposals/4108-oidc-qr-login.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/proposals/4108-oidc-qr-login.md b/proposals/4108-oidc-qr-login.md index afc1700c..ef71a270 100644 --- a/proposals/4108-oidc-qr-login.md +++ b/proposals/4108-oidc-qr-login.md @@ -806,7 +806,16 @@ device did the QR code scanning. This derived secret is then used to to construc HMAC-SHA256. Due to the properties of ECDH, the existing device knows that the new device can only do this if it possesses the private part of the Curve25519 identity key. -TODO: a paragraph to say why we do this +By requiring the device ID to equal the device identity key, we reduce the number of (unnecessarily) free parameters, +allowing a user's E2EE devices to be uniquely identified only by their identity key, rather than by a (device ID, +identity key) 2-tuple. This paves the way for potentially making this a strict requirement for all E2EE-supporting +devices in a future iteration of the Matrix E2EE protocol. This would provide a marked increase in protocol robustness +and reduces potential for implementation errors. + +Separately, the proof of ownership of the identity key ensures that the new device cannot submit a key it does not +control, either by accident or maliciously. While this scenario doesn't represent an outright security +compromise---because a device cannot decrypt traffic for an identity key it does not control---it further reduces the +margin for implementation error. To calculate the proof the new device does:
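Review bot: The sentence "This would provide a marked increase in protocol robustness and reduces potential for implementation errors" mixes "would provide" with "reduces"; make it "would provide ... and reduce", and consider replacing the unsupported "marked increase in protocol robustness" with the concrete benefit the paragraph already implies, namely that implementations can no longer end up with a device ID and an identity key that disagree, since there is only one value to track. In the second paragraph, the phrase "the new device cannot submit a key it does not control" reads as a security guarantee, while the next sentence correctly scopes it to the narrower property established by the ECDH-derived HMAC in the preceding context (proof of possession of the Curve25519 private key); stating that scope up front, e.g. "the proof of possession ensures that the new device holds the private key for the identity key it submits", would avoid the reader inferring more than the mechanism provides. Two minor points: the commit subject should read "rationale" rather than "rational", and the unchanged context line "used to to construc" carries a pre-existing duplicated word and truncation that could be fixed in a follow-up.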