From 48e4d6e412077a48aeb39d374dae17e60f8e64df Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Thu, 31 Jan 2019 12:27:09 -0700
Subject: [PATCH] Document domain reuse concerns

Fixes https://github.com/matrix-org/matrix-doc/issues/1783
---
 specification/server_server_api.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/specification/server_server_api.rst b/specification/server_server_api.rst
index a63bf0a6b..b65060d9d 100644
--- a/specification/server_server_api.rst
+++ b/specification/server_server_api.rst
@@ -1303,6 +1303,16 @@ Example code
    known hash functions like SHA-256 when none of the keys have been redacted]]
 
 
+Security considerations
+-----------------------
+
+When a domain's ownership changes, the new controller of the domain can masquerade
+as the previous owner, receiving messages (similarly to email) and request past
+messages from other servers. In the future, proposals like
+`MSC1228 <https://github.com/matrix-org/matrix-doc/issues/1228>`_ will address this
+issue.
+
+
 .. |/query/directory| replace:: ``/query/directory``
 .. _/query/directory: #get-matrix-federation-v1-query-directory