From 1eacc25a18fc25a35da2595b78196f2d6ebadefb Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Fri, 14 Nov 2014 11:30:43 +0000
Subject: [PATCH] Talk about how to deal with unauthorized events

---
 drafts/flows_and_auth.rst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/drafts/flows_and_auth.rst b/drafts/flows_and_auth.rst
index f29093a3..2bd54391 100644
--- a/drafts/flows_and_auth.rst
+++ b/drafts/flows_and_auth.rst
@@ -94,3 +94,20 @@ A user may send an event if all the following hold true:
     user must have at least that power level. Otherwise, the user must have a
     power level of at least `events_default` or `state_default`, depending on
     if the event is a message or state event respectively.
+
+
+Unauthorized events
+-------------------
+
+An unauthorized event should not be accepted into the event graph, i.e. new
+events should not reference any unauthorized events. There are situations where
+this can happen and so it is not considered an error to include an unauthorized
+event in the event graph. It is an error for events to refer unauthorized
+events in their `auth_events` section and will in turn be considered
+unauthorized.
+
+A server may choose to store only the redacted form of an unauthorized event if
+it is included in the event graph.
+
+A server may emit a warning to a remote server if it references an event it
+considers unauthorized.