From e298500053ae4ead47174287c0d2f976c803b57a Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith <hughns@element.io>
Date: Wed, 10 Dec 2025 17:40:20 +0000
Subject: [PATCH] MSC4388

---
 ...r-channel.md => 4388-secure-qr-channel.md} |  28 +++++++++---------
 proposals/images/4388-qr-intent00.png         | Bin 0 -> 918 bytes
 .../images/4388-qr-intent01-unstable.png      | Bin 0 -> 910 bytes
 proposals/images/4388-qr-intent01.png         | Bin 0 -> 918 bytes
 4 files changed, 14 insertions(+), 14 deletions(-)
 rename proposals/{YYYY-secure-qr-channel.md => 4388-secure-qr-channel.md} (98%)
 create mode 100644 proposals/images/4388-qr-intent00.png
 create mode 100644 proposals/images/4388-qr-intent01-unstable.png
 create mode 100644 proposals/images/4388-qr-intent01.png

diff --git a/proposals/YYYY-secure-qr-channel.md b/proposals/4388-secure-qr-channel.md
similarity index 98%
rename from proposals/YYYY-secure-qr-channel.md
rename to proposals/4388-secure-qr-channel.md
index 52d163968..f4270a6a4 100644
--- a/proposals/YYYY-secure-qr-channel.md
+++ b/proposals/4388-secure-qr-channel.md
@@ -1,4 +1,4 @@
-# MSCYYYY: Secure out-of-band channel for sign in with QR
+# MSC4388: Secure out-of-band channel for sign in with QR
 
 This proposal forms part of [MSC4108] to make it easy to sign in on a new device with the help of an existing device.
 
@@ -424,9 +424,9 @@ d8 86 68 6a b2 19 7b 78 0e 30 0a 9d 4a 21 47 48 07 00 d7 92 9f 39 ab 31 b9 e5 14
 00 24
 65 38 64 61 36 33 35 35 2D 35 35 30 62 2D 34 61 33 32 2D 61 31 39 33 2D 31 36 31 39 64 39 38 33 30 36 36 38
 00 20
-68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/YYYY-qr-intent00.png'
+68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/4388-qr-intent00.png'
 -->
-![Example QR for intent 0x00](images/YYYY-qr-intent00.png)
+![Example QR for intent 0x00](images/4388-qr-intent00.png)
 
 ### Example for QR code generated on existing device
 
@@ -454,9 +454,9 @@ d8 86 68 6a b2 19 7b 78 0e 30 0a 9d 4a 21 47 48 07 00 d7 92 9f 39 ab 31 b9 e5 14
 00 24
 65 38 64 61 36 33 35 35 2D 35 35 30 62 2D 34 61 33 32 2D 61 31 39 33 2D 31 36 31 39 64 39 38 33 30 36 36 38
 00 20
-68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/YYYY-qr-intent01.png'
+68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/4388-qr-intent01.png'
 -->
-![Example QR for intent 0x01](images/YYYY-qr-intent01.png)
+![Example QR for intent 0x01](images/4388-qr-intent01.png)
 
 ## Secure channel
 
@@ -882,29 +882,29 @@ A threat analysis has been done within each of the key layers in the proposal ab
 
 While this feature is in development the new API endpoints should be exposed using the following unstable prefix:
 
-- `/_matrix/client/unstable/io.element.mscYYYY/rendezvous` instead of `/_matrix/client/v1/rendezvous`
+- `/_matrix/client/unstable/io.element.msc4388rendezvous` instead of `/_matrix/client/v1/rendezvous`
 
 Additionally, the feature is to be advertised as unstable feature in the `GET /_matrix/client/versions` response, with the
-key `io.element.mscYYYY` set to true. So, the response could look then as following:
+key `io.element.msc4388` set to true. So, the response could look then as following:
 
 ```json
 {
     "versions": ["..."],
     "unstable_features": {
-        "io.element.mscYYYY": true
+        "io.element.msc4388": true
     }
 }
 ```
 
 ### Unstable QR code format
 
-The unstable value of `IO_ELEMENT_MSCYYYY` should be used instead of `MATRIX` in the QR code.
+The unstable value of `IO_ELEMENT_MSC4388` should be used instead of `MATRIX` in the QR code.
 
 A full example for an existing device using ephemeral public key `2IZoarIZe3gOMAqdSiFHSAcA15KfOasxueUUNwJI7Ws` (base64
 encoded), at rendezvous session ID `e8da6355-550b-4a32-a193-1619d9830668` on homeserver `https://matrix-client.matrix.org` is as follows: (Whitespace is for readability only)
 
 ```
-49 4F 5F 45 4C 45 4D 45 4E 54 5F 4D 53 43 34 31 30 38
+49 4F 5F 45 4C 45 4D 45 4E 54 5F 4D 53 43 34 33 38 38
 03 01
 d8 86 68 6a b2 19 7b 78 0e 30 0a 9d 4a 21 47 48 07 00 d7 92 9f 39 ab 31 b9 e5 14 37 02 48 ed 6b
 00 24
@@ -917,21 +917,21 @@ Which looks as follows as a QR with error correction level Q:
 <!--
 Generated with:
 
-nix-shell -p qrencode --run 'echo "49 4F 5F 45 4C 45 4D 45 4E 54 5F 4D 53 43 34 31 30 38
+nix-shell -p qrencode --run 'echo "49 4F 5F 45 4C 45 4D 45 4E 54 5F 4D 53 43 34 33 38 38
 03 01
 d8 86 68 6a b2 19 7b 78 0e 30 0a 9d 4a 21 47 48 07 00 d7 92 9f 39 ab 31 b9 e5 14 37 02 48 ed 6b
 00 24
 65 38 64 61 36 33 35 35 2D 35 35 30 62 2D 34 61 33 32 2D 61 31 39 33 2D 31 36 31 39 64 39 38 33 30 36 36 38
 00 20
-68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/YYYY-qr-intent01-unstable.png'
+68 74 74 70 73 3A 2F 2F 6D 61 74 72 69 78 2D 63 6C 69 65 6E 74 2E 6d 61 74 72 69 78 2e 6f 72 67" | xxd -r -p | qrencode -8 -l Q -t PNG -o ./proposals/images/4388-qr-intent01-unstable.png'
 -->
-![Example QR for intent 0x01](images/YYYY-qr-intent01-unstable.png)
+![Example QR for intent 0x01](images/4388-qr-intent01-unstable.png)
 
 It is suggested that this unstable QR prefix convention could be used by future proposals.
 
 ### M_CONCURRENT_WRITE errcode
 
-The unstable value of `IO_ELEMENT_MSCYYYY_CONCURRENT_WRITE` should be used instead of `M_CONCURRENT_WRITE`.
+The unstable value of `IO_ELEMENT_MSC4388_CONCURRENT_WRITE` should be used instead of `M_CONCURRENT_WRITE`.
 
 ## Dependencies
 
diff --git a/proposals/images/4388-qr-intent00.png b/proposals/images/4388-qr-intent00.png
new file mode 100644
index 0000000000000000000000000000000000000000..9cef72ef3abf29fd1d086a87054180f545be2c2a
GIT binary patch
literal 918
zcmV;H18Mw;P)<h;3K|Lk000e1NJLTq006fD006fE0{{R3YM@=*00006P)t-s00030
z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm000XT000XT0n*)m`~Uz0C`m*?R9J=W
zmpzW8Fc5_cIdDc_z>=>)<}1Mk__+XF$(gT##04O8U{U)DW@k3o#Fg&0My=@&$!)t{
zy?Raj_ZR)=U;HE*qTlk~lKUjr+Ct<N{Ngg&eag)F*fOtFCRXw2dV8E<9}-__@4M1l
zEe}|h=dh2&t95EVMRNy7WX^6MZBcSA*xM)5!2Y(pq@R1J;&T7V{rUG(ml}>29yR$`
z*f8Vl{#z$i{O<N99albPqA8oT+uP^7wVe6bB5zD%FdP176hg<#C{^Iw`Yn1+^kEIh
z4$t7)j?dul4%;qdS;6l>E$vM%eK=0LLk#aeYx$LqmFSabv=Aqx_3XBuLzzvak<60K
zZQbyevYvCoNtt7rV(B6E;LnaVoT;~Pl4B0MM6-(Wy@p3#av3`)9G6y5#PwajlHayW
ziKr`+ltA3z^WIw}zeJEb1<1*q1h+JEr{WoY0;%I;8MsjAXRG0yp#gEHHkg}SFV@5g
zenlGa$U3rni(ckqNg93!G3_=uh~b7l$!{utF*VVj1W{3woV<VeXC1#gK-h?17@bm@
zjE}6~xPSD>kkNqt%BZOuqE~Qf5b~>q-}*avhyfm@;TGb=gvC>{M1K=~&4pSnQim`3
zr;(+OoHhKmG_jkKYm%J3|D7MId57(}4@N*l3;Xq{h=O04&@Z!;64MsVViwkL-1!pG
zBh(YD$zbs<Y50Z1X80{m&9XSO8d$+k8E07EtdeTnC%d<Qt9eI#2a(exK8Y?a^!R@*
zzi?^c;DnrJI6(}kDQh_VzoX~o@m;e1JCADlY0WH-<eF^YQIck(hI1+yMyo9i8;LZL
z=dXEJ$I<&sLLxdYMxNQB3V!ua$<ODo8)8ht2r!T<Sq(?#gdQewOUw}oSKFKSDmlwo
z#B7D1V6@@jL{`O-KdmHl5xmT9=-ex~<l&4*7(+;~5UO~uf=fP!qF~oZ4gr$z=XcJp
z;_`a|ox-!EYaAByh;<xu7D^z5PeL8hcS=4*hg{S!wQ#3UhU_(*%ag2-9^tpRJ+v?@
sIPQN$F0%O5iTCG=RJ`_g@xR4?0lRwkPbone4*&oF07*qoM6N<$f@=%IssI20

literal 0
HcmV?d00001

diff --git a/proposals/images/4388-qr-intent01-unstable.png b/proposals/images/4388-qr-intent01-unstable.png
new file mode 100644
index 0000000000000000000000000000000000000000..30ecd14c7018ece5794bdfd96462e31e005d5dc1
GIT binary patch
literal 910
zcmV;919AL`P)<h;3K|Lk000e1NJLTq006fD006fE0{{R3YM@=*00006P)t-s00030
z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm000XT000XT0n*)m`~Uz0AW1|)R9J=W
zm%R<+Fbsuhs8DAwAV6!V(@Mz#PP{<8k~*y+KnvKN3d6id$M;j*6=Hox5Ck6rS)?8x
zDdN9B^q=2+BYGykH@~Oy2yVy+kyr4Yk2xAngzqJrH61Tj@#JP(CU!*i9gYV+R?Eqs
zp{|)f(J$GlxrEsexM8kKK9rn~M>Hq7f!#=ww_kba;*$UD{`~wtmmV%pqAB@>-H`Z$
zP5#nJ4?l^f?AL7YqB*)b@^bC7m+y_=p<=~nb5p~+_!C&gk*Lbethv7J@ycbiDxR=0
z9D$>N1Fd`VD{DC79Uuu?2#YuON@o9=hc3?YgWr&PD`Sw?ZBfHFTV9DMULkXNwu7#`
z_43o2wUwD5Cmbj??7sT!<$ErJ?9=QBws}tY11mVUx--`IpCEcTFNG-h8E9xU2e=cj
z?HF3!qK0q5pX8V3KlYfd-!l@Z;<k)b9ubO?w~WD!)@yh$oZT1+WRCD9k*I=;BW1H7
zOk1v~D`!@4bP(7h!?$gH#{!cS($8TdWZlGdBj~|RiH5A<oUtIE5$cjwvXS4cinBwF
zNQ=zwmCYx@4Oqd?;CDDJ`Yh8J(GL8#etY>AX<(dPA(8`?coQo)3IxGUN&IcZ%GrJM
z*2^~wL88@~1)*odV&kmfC)HE5O|x|mDzmMqAO)95BYHGacT6nWc;0^A$Kh{hfX)wu
z`3Zg#r}7GZ^`jzsNN7p)O1Cfdax}zMya>7~G8)0gS;ZOt=B7+f(UsKT`__3M-=b`9
zYV<(boB7ys>!Fi#!}w7VHJaKAQK2g()^KbrnhoxaITl?~-lgFi3O0%ZNI!x>VMfX-
zP6jeq8J!UcG^fl(DjsNJNYqF}u@GuqZa?qir@acTVN@$aI-v7M&~R?j8PTR6Bn^%;
zcB|qHVN2?s?APSqbo*N`zwR%XVK5bcee(9(UM}-FY(GNh{!)d%>#>(7hxJF2d3Z?X
zw6GK{N6e6St1IJ5g>K??9Cs*O6GrS7h8g%f&vbK%7Yax9$pEm6%W1e=6XaTl_A0?n
kx%{k`KK`%!?|&}O50>f$(_o!meE<Le07*qoM6N<$f|*sZ+5i9m

literal 0
HcmV?d00001

diff --git a/proposals/images/4388-qr-intent01.png b/proposals/images/4388-qr-intent01.png
new file mode 100644
index 0000000000000000000000000000000000000000..e111142204887d9ca78b5cf80e633b97f1404031
GIT binary patch
literal 918
zcmV;H18Mw;P)<h;3K|Lk000e1NJLTq006fD006fE0{{R3YM@=*00006P)t-s00030
z|No`gpWOfe00MMUPE-H?$hF_c00009a7bBm000XT000XT0n*)m`~Uz0C`m*?R9J=W
zm%q*AI1I&UC{Q+TK!Dm%rk3mm{HFoCC1q;EfE%zg1%kPcpXYWjxI|2E2Ll8C3DAht
z<0FUozd!VsfB8i;Ccl^CV{4xso<v^3Z?2O)=EPjiz3@hLW))9vu;*ouG4q{|A=JTY
zdE`Cu5{`*@vrf(DWbW*U%!MUem7FWiHWwP%KbF`0Cl5_r@}J$mzklwfh2w*zuAD0y
zX2kA)>!gW4;pp;tmvbSSi`fE%;T4?O--&moDVm*6yf0D1pD5RNr}MFXPo6XNtl?KU
zujoGV^iROCD_Pd?NFT}DF+@=*#PFW8l|S~}i26*Eg*YLtpVKOMbX`KoW-aEiZhWt@
zopVOWo>QGu9U%4SufQ74G+5W?bBVkrvx)M(h9_Q2odOh&q*Ywv_U_-vA6utLB&Anj
z2unQrZ$8`j4MEz2BIIN)IzD8UpyI{NaL9z$I&!7p7pvi1%w5EtKG8hn2C*hq@H^31
z%w-+i`-58MbIlt5K;H5AL<ccE&?os_#c!rA`HRqo%$l)E-Pb?c_!9un9j?Ntl-d=%
zvVtT3BO_!qBZub_-I%<BOM#HzEd16#(L)TdI}NuGCps)v&6@l}^z93+T%>*=Oey3j
z_sB)VA4@Z%Mb<7$?886vLo*LJ9((}FM+y7w=SCF#E;J`JBV1+e3yQ_8tl`M{3ZJwz
z5Uj~y^F3?$jbIB+0a3GT4y{I3@Jrg+F=w+y3|Fo%?ycWu9%#VXm}c=wN67!%ry99*
z{CIN4oMt#f3~qkwx0z#qOb&j<KoVsC;k$nuzoLQP4#9OWx`dwV`lR8UF$SNTtsNT~
zX=H$81&7(L8Rvw{VV*gl3V!v_$dP}@a?d#4xdeDPk=1a_oT3MIT}B^~;c9>9y++Oj
zJ&3m;PTMmAC$cJz>$8|cP7%EHZs^=AxXi<{gf@f;7OD`}RdAWl346l5{T3k!fBl~G
zo4EX6K&9{^Qy+pwKVlt6pM?_8@gKrHqVAM@PHqyNV=|{9*0FdE=lU~QVS0q$B6}!d
sR&eBhiU-0R6Q1u6X?W}Z;{O-_1wb?VEVkkRz5oCK07*qoM6N<$g8h%a_5c6?

literal 0
HcmV?d00001