archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
release/v1.12
dbkr/msc4178
release/v1.11
tulir/msc4142
release/v1.10
travis/msc2702-msc2701
rav/ref_objects_in_params
dkasak/foldable-sidebar
travis/knock-join
release/v1.9
release/v1.8
anoa/update_docsy
anoa/nix_flake
dbkr/3077-multi-stream-voip
release/v1.7
dbkr/2746-reliable-voip
rav/links_for_object_defs
release/v1.6
release/v1.5
release/v1.4
anoa/invite_knock_room_state
release/v1.3
push_gateway/r0.1.0
r0.0.0
0.2.0
application_service/r0.1.0
application_service/r0.1.1
application_service/r0.1.2
client-server/0.3.0
client-server/r0.1.0
client-server/r0.2.0
client-server/r0.3.0
client_server/r0.4.0
client_server/r0.5.0
client_server/r0.6.0
client_server/r0.6.1
identity_service/r0.1.0
identity_service/r0.2.0
identity_service/r0.2.1
identity_service/r0.3.0
push_gateway/r0.1.1
r0.0.1
server_server/r0.1.0
server_server/r0.1.1
server_server/r0.1.2
server_server/r0.1.3
server_server/r0.1.4
v1.1
v1.10
v1.11
v1.12
v1.2
v1.3
v1.4
v1.5
v1.6
v1.7
v1.8
v1.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf73fb97bc'
${ noResults }
matrix-spec/proposals/3122-deprecate-starting-ver...

1.4 KiB
Raw Blame History

MSC3122: Deprecate starting key verifications without requesting first

Currently, the Key verification framework allows a device to begin a verification via to-device messages by sending an m.key.verification.start event without first sending or receiving an m.key.verification.request message. (The last sentence of the 5th paragraph of the Key verification framework in the unstable spec, as of the time of writing.) However, doing so does not provide a good user experience, and allowing this adds unnecessary complexity to implementations.

We propose to deprecate allowing this behaviour.

Note that verifications in DMs do not allow this behaviour. Currently, Element Web is the only client known to do this.

Proposal

The ability to begin a key verification by sending an m.key.verification.start event as a to-device event without a prior m.key.verification.request is deprecated. New clients should not begin verifications in this way, but will still need to accept verifications begun in this way, until it is removed from the spec.

Potential issues

None.

Alternatives

We could do nothing and leave it in the spec. But we should clean up cruft when possible.

Security considerations

None.

Unstable prefix

No unstable prefix is required since we are simply deprecating behaviour.