archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MSC4163: Make ACLs apply to EDUs (#4163)

Browse Source
pull/3782/merge
Matthias Ahouansou 2 months ago committed by GitHub
parent f07c4508a8
commit cf4cdf2663
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File

46
proposals/4163-make-acls-apply-to-edus.md
Unescape Escape View File

@ -0,0 +1,46 @@
# MSC4163: Make ACLs apply to EDUs
[Access Control Lists](https://spec.matrix.org/v1.11/client-server-api/#server-access-control-lists-acls-for-rooms)
(also known as ACLs) are used to prevent other servers from participating in a room at a federation level,
covering many federation API endpoints, including
[`/send`](https://spec.matrix.org/v1.11/server-server-api/#put_matrixfederationv1sendtxnid). However, while ACLs
are applied on a per-PDU basis on this endpoint, they are not applied to EDUs at all. Considering that some EDUs
are specific to certain rooms (e.g. read receipts & typing indicators), it makes sense to apply ACLs to them as well.
## Proposal
All EDUs which are local to a specific room MUST have ACLs applied to them. This means that for the EDUs currently
in the spec, ACLs would only apply to receipts and typing notifications. Examples of how ACLs should be enforced
at the point of receiving a transaction for those two types of EDUs are as follows:
- For
[typing notifications (`m.typing`)](https://spec.matrix.org/v1.11/server-server-api/#typing-notifications),
the `room_id` field inside `content` should be checked, with the typing notification ignored if the `origin`
of the request is a server which is forbidden by the room's ACL. Ignoring the typing notification means that the EDU
MUST be dropped upon receipt.
- For [read receipts (`m.receipt`)](https://spec.matrix.org/v1.11/server-server-api/#receipts), all receipts
inside a `room_id` inside `content` should be ignored if the `origin` of the request is forbidden by the
room's ACL.
## Potential issues
None considered.
## Alternatives
Leave things as-is, which wouldn't be that big of a deal when you consider that this would only apply
to typing notifications and read receipts currently, which don't allow for very significant disruption inside
a room. However, as ACLs are meant to prevent certain servers from participating in a room at all, it makes
sense to apply ACLs to EDUs which are local to certain rooms, as they are a form of participation.
## Security considerations
None considered.
## Unstable prefix
None required, as no new fields or endpoints are added.
## Dependencies
None.
Write Preview
Loading…
Cancel
Save