MSC4386: Automatically sharing secrets after device verification#4386
MSC4386: Automatically sharing secrets after device verification#4386uhoreg wants to merge 2 commits intomatrix-org:mainfrom
Conversation
uhoreg
changed the title
uhoreg
added
e2e
proposal
There was a problem hiding this comment.
Implementation requirements:
- Sending client
- Receiving client (ideally different from the sending one)
| "m.cross_signing.self_signing", | ||
| "m.cross_signing.user_signing" | ||
| ], | ||
| "requested": ["org.example.custom"] |
There was a problem hiding this comment.
Wouldn't DEVICEB already know that DEVICEA cannot provide this secret based on the earlier verification request?
There was a problem hiding this comment.
Yes, it if wanted to, DEVICEB could tailor its response based on what it saw from DEVICEA's event.
|
|
||
| ## Potential issues | ||
|
|
||
| None? |
There was a problem hiding this comment.
When using in-room verification, I think, you could theoretically run into the 64KiB event size limit? Secrets stored in account data won't be subject to this limit. Even if they were, you could exceed it because multiple secrets are combined in a single m.key.verification.secrets event.
This is probably not a practical problem because secrets should normally be relatively small. So I'm not sure if we really need to do anything. Maybe a dedicated error code at most?
There was a problem hiding this comment.
We don't share secrets with other users, and in-room verification is only used for verifying other users.
But yes, we should be aware of event sizes. It shouldn't be a problem for now because we only have a small number of secrets, and each secret is small, but maybe in the future. I'll add a comment..
4 participants
Rendered
Disclosure: I am a member of the Element crypto team, and of the Spec Core Team. This proposal is written as a member of the Element crypto team.