archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Mandate a 'Security Considerations' section on MSCs (#4199)

Browse Source 
And link to lists of possible problems to think about.
This is part of an effort to improve the overall security
of Matrix during the design process.
pull/3635/merge
Kegan Dougal 2 months ago committed by GitHub
parent f633d3006e
commit 27bc9a50e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File

2
MSC_CHECKLIST.md
Unescape Escape View File

@ -42,9 +42,9 @@ clarification of any of these points.
- [ ] Proposal text
- [ ] Potential issues
- [ ] Alternatives
- [ ] Security considerations
- [ ] Dependencies
- [ ] Stable identifiers are used throughout the proposal, except for the unstable prefix section
- [ ] Unstable prefixes [consider](README.md#unstable-prefixes) the awkward accepted-but-not-merged state
- [ ] Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
- [ ] Changes have applicable [Sign Off](CONTRIBUTING.md#sign-off) from all authors/editors/contributors
- [ ] There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See [RFC3552](https://datatracker.ietf.org/doc/html/rfc3552) for things to think about, but in particular pay attention to the [OWASP Top Ten](https://owasp.org/www-project-top-ten/).

11
proposals/0000-proposal-template.md
Unescape Escape View File

@ -85,14 +85,21 @@ idea.
## Security considerations
**All proposals must now have this section, even if it is to say there are no security issues.**
*Think about how to attack your proposal, using lists from sources like
[OWASP Top Ten](https://owasp.org/www-project-top-ten/) for inspiration.*
*Some proposals may have some security aspect to them that was addressed in the proposed solution. This
section is a great place to outline some of the security-sensitive components of your proposal, such as
why a particular approach was (or wasn't) taken. The example here is a bit of a stretch and unlikely to
actually be worthwhile of including in a proposal, but it is generally a good idea to list these kinds
of concerns where possible.*
By having a template available, people would know what the desired detail for a proposal is. This is not
considered a risk because it is important that people understand the proposal process from start to end.
MSCs can drastically affect the protocol. The authors of MSCs may not have a security background. If they
do not consider vulnerabilities with their design, we rely on reviewers to consider vulnerabilities. This
is easy to forget, so having a mandatory 'Security Considerations' section serves to nudge reviewers
into thinking like an attacker.
## Unstable prefix

Write Preview
Loading…
Cancel
Save