You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.2 KiB
Markdown
38 lines
1.2 KiB
Markdown
# MSC3122: Depretate starting key verifications without requesting first
|
|
|
|
Currently, the spec allows a device to begin a verification via to-device
|
|
messages by sending an `m.key.verification.start` event without first sending
|
|
or receiving an `m.key.verification.request` message. However, doing so does
|
|
not provide a good user experience, and allowing this adds unnecessary
|
|
complexity to implementations.
|
|
|
|
We propose to deprecate allowing this behaviour.
|
|
|
|
Note that verifications in DMs do not allow this behaviour. Currently, Element
|
|
Web is the only client known to do this.
|
|
|
|
## Proposal
|
|
|
|
The ability to begin a key verification by sending an
|
|
`m.key.verification.start` event as a to-device event without a prior
|
|
`m.key.verification.request` is deprecated. New clients should not begin
|
|
verifications in this way, but will still need to accept verifications begun in
|
|
this way, until it is removed from the spec.
|
|
|
|
## Potential issues
|
|
|
|
None.
|
|
|
|
## Alternatives
|
|
|
|
We could do nothing and leave it in the spec. But we should clean up cruft when
|
|
possible.
|
|
|
|
## Security considerations
|
|
|
|
None.
|
|
|
|
## Unstable prefix
|
|
|
|
No unstable prefix is removed since we are simply deprecating behaviour.
|