Clarify membership checking over federation.

pull/977/head
Patrick Cloke 4 years ago committed by Richard van der Hoff
parent 5d1bebedf0
commit 06f0d622a9

@ -123,8 +123,8 @@ the call to `/join` or `/make_join` / `/send_join` regardless).
### Checking room membership over federation ### Checking room membership over federation
If a server is not in a room (and thus doesn't know the membership of a room) it If a server is not in a room (and thus doesn't know the membership of a room) it
cannot enforce membership of a room during a join. Peeking over federation, cannot enforce membership of a room during a call to `/make_join`, or `/send_join`.
as described in [MSC2444](https://github.com/matrix-org/matrix-doc/pull/2444), Peeking over federation, as described in [MSC2444](https://github.com/matrix-org/matrix-doc/pull/2444),
could be used to establish if the user is in any of the proper rooms. could be used to establish if the user is in any of the proper rooms.
Note that there are additional security considerations with this, namely that Note that there are additional security considerations with this, namely that
@ -132,8 +132,8 @@ the peek server has significant power. For example, a poorly chosen peek
server could lie about the room membership and add an `@evil_user:example.org` server could lie about the room membership and add an `@evil_user:example.org`
to a room to gain membership to a room. to a room to gain membership to a room.
This MSC recommends rejecting the join in this case and allowing the requesting As iterated above, this MSC recommends rejecting the join, potentially allowing
homeserver to ask another homeserver. the requesting homeserver to retry via another homeserver.
### Kicking users out when they leave the allowed space ### Kicking users out when they leave the allowed space

Loading…
Cancel
Save