Merge pull request #411 from matrix-org/rav/e2e_impl/check_user_ids

E2E impl guide: check ids in device query
paul/thirdparty-lookup
Richard van der Hoff 8 years ago committed by GitHub
commit d93ef05f5e

@ -399,13 +399,19 @@ and the corresponding signature for the ``signature`` parameter. If the
signature check fails, no further processing should be done on the
device.
The client should check if the ``user_id``/``device_ie`` correspond to a device
The client must also check that the ``user_id`` and ``device_id`` fields in the
object match those in the top-level map [#]_.
The client should check if the ``user_id``/``device_id`` correspond to a device
it had seen previously. If it did, the client **must** check that the Ed25519
key hasn't changed. Again, if it has changed, no further processing should be
done on the device.
Otherwise the client stores the information about this device.
.. [#] This prevents a malicious or compromised homeserver replacing the keys
for the device with those of another.
Sending an encrypted event
--------------------------

Loading…
Cancel
Save