Mandate a 'Security Considerations' section on MSCs (#4199)

And link to lists of possible problems to think about.
This is part of an effort to improve the overall security
of Matrix during the design process.
pull/3635/merge
Kegan Dougal 2 months ago committed by GitHub
parent f633d3006e
commit 27bc9a50e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -42,9 +42,9 @@ clarification of any of these points.
- [ ] Proposal text - [ ] Proposal text
- [ ] Potential issues - [ ] Potential issues
- [ ] Alternatives - [ ] Alternatives
- [ ] Security considerations
- [ ] Dependencies - [ ] Dependencies
- [ ] Stable identifiers are used throughout the proposal, except for the unstable prefix section - [ ] Stable identifiers are used throughout the proposal, except for the unstable prefix section
- [ ] Unstable prefixes [consider](README.md#unstable-prefixes) the awkward accepted-but-not-merged state - [ ] Unstable prefixes [consider](README.md#unstable-prefixes) the awkward accepted-but-not-merged state
- [ ] Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”). - [ ] Chosen unstable prefixes do not pollute any global namespace (use “org.matrix.mscXXXX”, not “org.matrix”).
- [ ] Changes have applicable [Sign Off](CONTRIBUTING.md#sign-off) from all authors/editors/contributors - [ ] Changes have applicable [Sign Off](CONTRIBUTING.md#sign-off) from all authors/editors/contributors
- [ ] There is a dedicated "Security Considerations" section which detail any possible attacks/vulnerabilities this proposal may introduce, even if this is "None.". See [RFC3552](https://datatracker.ietf.org/doc/html/rfc3552) for things to think about, but in particular pay attention to the [OWASP Top Ten](https://owasp.org/www-project-top-ten/).
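Review bot: the new checklist item on the last line of the hunk has a grammar slip and a stray period: "which detail any possible attacks/vulnerabilities" should read "which details any possible attacks/vulnerabilities", and `even if this is "None.".` ends with a doubled period; suggest `even if this is "None".`. Separately, this item and the shorter "- [ ] Security considerations" checkbox added earlier in the hunk describe the same requirement, so placing them adjacent (or folding the detail into the shorter item) would avoid reviewers ticking one and missing the other.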

@ -85,14 +85,21 @@ idea.
## Security considerations ## Security considerations
**All proposals must now have this section, even if it is to say there are no security issues.**
*Think about how to attack your proposal, using lists from sources like
[OWASP Top Ten](https://owasp.org/www-project-top-ten/) for inspiration.*
*Some proposals may have some security aspect to them that was addressed in the proposed solution. This *Some proposals may have some security aspect to them that was addressed in the proposed solution. This
section is a great place to outline some of the security-sensitive components of your proposal, such as section is a great place to outline some of the security-sensitive components of your proposal, such as
why a particular approach was (or wasn't) taken. The example here is a bit of a stretch and unlikely to why a particular approach was (or wasn't) taken. The example here is a bit of a stretch and unlikely to
actually be worthwhile of including in a proposal, but it is generally a good idea to list these kinds actually be worthwhile of including in a proposal, but it is generally a good idea to list these kinds
of concerns where possible.* of concerns where possible.*
By having a template available, people would know what the desired detail for a proposal is. This is not MSCs can drastically affect the protocol. The authors of MSCs may not have a security background. If they
considered a risk because it is important that people understand the proposal process from start to end. do not consider vulnerabilities with their design, we rely on reviewers to consider vulnerabilities. This
is easy to forget, so having a mandatory 'Security Considerations' section serves to nudge reviewers
into thinking like an attacker.
## Unstable prefix ## Unstable prefix
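Review bot: the italic guidance retained above the replaced example ("The example here is a bit of a stretch and unlikely to actually be worthwhile of including in a proposal") now refers to the new example text, which is a real and relevant consideration, so that sentence reads as stale and should be reworded or dropped in this hunk. Two smaller points: the closing sentence says the mandatory section "serves to nudge reviewers into thinking like an attacker", while the preceding sentences argue that it is the authors who may lack a security background, so "nudge authors and reviewers" would match the reasoning; and the template text links only the OWASP Top Ten whereas the checklist hunk also points to RFC 3552, so linking both here keeps the two in step.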
