Commit Graph

8 Commits (e1266b859f87032bc6e2a66daa26e3fd22faedad)

Author SHA1 Message Date
Travis Ralston 0347e873ef Specify .well-known s2s discovery and X.509 validation
Original proposals:
* https://github.com/matrix-org/matrix-doc/pull/1708 (note: the JSON requirements were softened by https://github.com/matrix-org/matrix-doc/pull/1824)
* https://github.com/matrix-org/matrix-doc/pull/1711

Implementation proofs:
* https://github.com/matrix-org/synapse/pull/4489
* No explicit PRs for MSC1711 could be found, however Synapse is known to implement it.

There are no intentional changes which differ from the proposals in this commit, however the author has relied upon various historical conversations outside of the proposals to gain the required context. Inaccuracies introduced by the author are purely accidental.
6 years ago
Travis Ralston cafd1a9ab3 Use more modern timestamps 6 years ago
Travis Ralston e27f4a69a0 Key versions must be [0-9a-zA-Z_] 6 years ago
Travis Ralston bdccfca726 Timestamps should be in milliseconds 6 years ago
Travis Ralston cad1db2a14 Unpadded means unpadded 6 years ago
Travis Ralston 8e97b0ca81 Improve the server key exchange portion of the s2s specification
Most of the text has been shuffled into the swagger definitions to bring it closer to where it matters.

This also attempts to clarify what is out in the wild. Most importantly, the first version of the key exchange is outright removed from the specification. Other research points/questions are:

* What is a "Key ID"?
  * 1241156c82/synapse/rest/key/v2/local_key_resource.py (L81-L83)
  * 1241156c82/synapse/rest/key/v2/local_key_resource.py (L88-L91)
* Returning a cached response if the server throws a 400, 500, or otherwise not-offline status code
  * 1241156c82/synapse/rest/key/v2/remote_key_resource.py (L227-L229)
* `minimum_valid_until_ts` default
  * This branch of the ladder: 1241156c82/synapse/rest/key/v2/remote_key_resource.py (L192)
* Returning empty arrays when querying offline/no servers
  * Queried by hand against matrix.org as a notary server with a fake domain name to query
* Returning all keys even when querying for specific keys
  * Queried by hand using matrix.org as a notary server against a server publishing multiple keys.

The examples and descriptions were also improved as part of this commit.
6 years ago
Travis Ralston bafdcf3640 Full stops, spelling, and operation IDs. 6 years ago
Travis Ralston bd2c0b7c98 Convert server keys to swagger 6 years ago