archive
/
matrix-spec-proposals
mirror of https://github.com/matrix-org/matrix-spec-proposals
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1833 from matrix-org/travis/misc/domain-security

Browse Source 
Document domain reuse concerns
pull/1838/head
Travis Ralston 5 years ago committed by GitHub
parent 0f3aa3fa8a 48e4d6e412
commit fb36757869
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File

10
specification/server_server_api.rst
Unescape Escape View File

@ -1303,6 +1303,16 @@ Example code
known hash functions like SHA-256 when none of the keys have been redacted]]
Security considerations
-----------------------
When a domain's ownership changes, the new controller of the domain can masquerade
as the previous owner, receiving messages (similarly to email) and request past
messages from other servers. In the future, proposals like
`MSC1228 <https://github.com/matrix-org/matrix-doc/issues/1228>`_ will address this
issue.
.. |/query/directory| replace:: ``/query/directory``
.. _/query/directory: #get-matrix-federation-v1-query-directory

Write Preview
Loading…
Cancel
Save