MSC3676: Transitioning away from reply fallbacks (#3676)
* MSC3676: Transitioning away from reply fallbacks * msc number * md fails * typoe * Update proposals/3676-transitioning-away-from-reply-fallbacks.md Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> * incorporate feedback * consolidate justification Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>pull/977/head
parent
dd32431b85
commit
2cd2a7122c
@ -0,0 +1,89 @@
|
|||||||
|
# MSC3676: Transitioning away from reply fallbacks.
|
||||||
|
|
||||||
|
## Problem
|
||||||
|
|
||||||
|
As per [MSC2781](https://github.com/matrix-org/matrix-doc/pull/2781)
|
||||||
|
(Remove reply fallbacks), the current reply fallback implementation is very
|
||||||
|
problematic:
|
||||||
|
* Its quotes leak history which may not be visible to the user
|
||||||
|
* The quoted sections may trigger unexpected notifications
|
||||||
|
* `<mx-reply/>` tags are hard and dangerous to manipulate, and have caused
|
||||||
|
multiple vulnerabilities in clients
|
||||||
|
* They don't localise.
|
||||||
|
|
||||||
|
[MSC2781](https://github.com/matrix-org/matrix-doc/pull/2781) proposes
|
||||||
|
removing them entirely. However, this triggers a relatively large cascade of
|
||||||
|
additional dependent work:
|
||||||
|
* Some users rely on their mxid existing in fallbacks to notified when
|
||||||
|
someone replies to their messages. So we'd need to create and implement
|
||||||
|
new push rules to recreate this feature ([MSC3664](https://github.com/matrix-org/matrix-doc/pull/3664)).
|
||||||
|
* The push rules are even more complicated than expected for this, because
|
||||||
|
they also would need to stop replies which are used as fallback for
|
||||||
|
threads (as per [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440))
|
||||||
|
from firing notifications.
|
||||||
|
* In the absence of fallbacks, in order to render replies simple clients will
|
||||||
|
now have to parse `m.in_reply_to` objects and fish around for the missing
|
||||||
|
events (or ask the server to bundle the replies, which is not yet a
|
||||||
|
thing).
|
||||||
|
|
||||||
|
Meanwhile, [MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440)
|
||||||
|
(Threads) uses replies as a fallback representation for threads (which is
|
||||||
|
very desirable to support clients while the threads transition is happening,
|
||||||
|
or to support simpler clients which support replies but not threads).
|
||||||
|
However, currently `m.in_reply_to` is only allowed on `m.room.message` events
|
||||||
|
of msgtype `m.text`, which means it cannot currently be used as a fallback
|
||||||
|
for arbitrary threaded events.
|
||||||
|
|
||||||
|
## Proposal
|
||||||
|
|
||||||
|
As a transitional step towards removing reply fallbacks entirely, instead: we
|
||||||
|
make reply fallbacks best effort. Specifically:
|
||||||
|
|
||||||
|
* `m.in_reply_to` is relaxed to apply to any event type
|
||||||
|
* In practice only `m.room.message` events with msgtype `m.text` or similar
|
||||||
|
(`m.emote`, `m.notice`) would be able to express reply fallbacks (using the
|
||||||
|
`m.body`, `format` and `formatted_body` fields).
|
||||||
|
* Thread events using replies as a fallback representation for threads should
|
||||||
|
not include a textual reply fallback at all (and so avoid threaded messages
|
||||||
|
triggering notifications). The same would apply for any other usage which uses
|
||||||
|
replies as a fallback.
|
||||||
|
|
||||||
|
This means that we can still use reply fallbacks for notification purposes
|
||||||
|
until that is properly fixed by [MSC2781](https://github.com/matrix-org/matrix-doc/pull/2781)
|
||||||
|
and [MSC3664](https://github.com/matrix-org/matrix-doc/pull/3664) - decoupling this
|
||||||
|
additional work from landing threads in
|
||||||
|
[MSC3440](https://github.com/matrix-org/matrix-doc/pull/3440).
|
||||||
|
Replying to a message with an attachment won't trigger a notification, but
|
||||||
|
this is no worse than the behaviour today.
|
||||||
|
|
||||||
|
## Alternatives
|
||||||
|
|
||||||
|
We could remove fallbacks entirely and do all the subsequent work needed to
|
||||||
|
support that ([MSC2781](https://github.com/matrix-org/matrix-doc/pull/2781),
|
||||||
|
[MSC3664](https://github.com/matrix-org/matrix-doc/pull/3664) and whatever
|
||||||
|
MSC handles thread+fallback notification interaction). However,
|
||||||
|
we believe that adding threads to Matrix is (much) higher priority and
|
||||||
|
value for Matrix than cleaning up edge cases around reply fallbacks, and
|
||||||
|
given the two can be decoupled, they should be. The importance of threads is
|
||||||
|
based on the fact that we're seeing Matrix repeatedly fail to be selected as
|
||||||
|
a collaboration technology thanks to other alternatives supporting
|
||||||
|
Slack-style threads.
|
||||||
|
|
||||||
|
We could not use `m.in_reply_to` as a fallback for clients which don't
|
||||||
|
understand `m.thread`, but this would result in an unnecessarily
|
||||||
|
terrible fallback for older/transitional/WIP/simple clients.
|
||||||
|
|
||||||
|
## Security
|
||||||
|
|
||||||
|
By temporarily keeping reply fallbacks around on a best effort basis, we're
|
||||||
|
still vulnerable to their security risks. Client implementors should read
|
||||||
|
the [security issues highlighted in MSC2781](https://github.com/deepbluev7/matrix-doc/blob/drop-the-fallbacks/proposals/2781-down-with-the-fallbacks.md#appendix-b-issues-with-the-current-fallbacks)
|
||||||
|
if implementing reply fallbacks.
|
||||||
|
|
||||||
|
## Unstable prefix
|
||||||
|
|
||||||
|
None needed.
|
||||||
|
|
||||||
|
## Dependencies
|
||||||
|
|
||||||
|
None. (MSC3440 will depend on this, however)
|
Loading…
Reference in New Issue