e2ee/device verification: clarifications #1830
Conversation
Most of the "Error and exception handling" section is generally applicable to other verification methods besides SAS, so I moved those bullet points under "Key verification framework". Signed-off-by: Sumner Evans <[email protected]>
It used to be possible to create a start request without a request, but this was deprecated. Signed-off-by: Sumner Evans <[email protected]>
It can be either a to-device event or an in-room event. Signed-off-by: Sumner Evans <[email protected]>
Signed-off-by: Sumner Evans <[email protected]>
sumnerevans
force-pushed
the
device-verification-clarifications
branch
from
fa53f58
to
b8808ca
Compare
| - When a device receives an unknown `transaction_id`, it should send an | ||
| appropriate `m.key.verification.cancel` message to the other device | ||
| indicating as such. This does not apply for inbound | ||
| `m.key.verification.request` or `m.key.verification.cancel` messages. |
There was a problem hiding this comment.
I just checked, and the spec still allows verifications to start with m.key.verification.start:
When verifying using to-device messages, an m.key.verification.start message can also be sent independently of any request, specifying the verification method to use. This behaviour is deprecated, and new clients should not begin verifications in this way. However, clients should handle such verifications started by other clients.
in https://spec.matrix.org/unstable/client-server-api/#key-verification-framework (second-last paragraph before https://spec.matrix.org/unstable/client-server-api/#mroommessagemkeyverificationrequest).
So this sentence should allow unknown transaction_id for m.key.verification.request, m.key.verification.start, and m.key.verification.cancel.
There was a problem hiding this comment.
We should probably fix this documentation, then
Since the m.relates_to is not required if sending the start as the first message, right?
And the transaction_id is just arbitrary if not related to a request.
There was a problem hiding this comment.
You can only initiate the verification with a .start if it's done using to-device messages. (Confusing, I know.) So the "Required when sent as an in-room message" for m.relates_to is still correct.
…amework Co-authored-by: Richard van der Hoff <[email protected]>
…amework Co-authored-by: Richard van der Hoff <[email protected]>
…amework Co-authored-by: Richard van der Hoff <[email protected]>
…amework Signed-off-by: Sumner Evans <[email protected]>
…amework Signed-off-by: Sumner Evans <[email protected]>
…amework Signed-off-by: Sumner Evans <[email protected]>
…amework Signed-off-by: Sumner Evans <[email protected]>
sumnerevans
force-pushed
the
device-verification-clarifications
branch
from
3aad3c5
to
55375f4
Compare
…amework Signed-off-by: Sumner Evans <[email protected]>
This commit changes the format of all links in the Device Verification
section to be:
[`m.key.verification.whatever`](#mkeyverificationwhatever)
This involved adding links in a bunch of places, but also changing many
links that did not have code within them to have the backticks.
Signed-off-by: Sumner Evans <[email protected]>
sumnerevans
force-pushed
the
device-verification-clarifications
branch
from
17f9944
to
b87ffa6
Compare
Signed-off-by: Sumner Evans <[email protected]>
…n_id or m.relates_to Add notes about the fact that the start event *may* be the first event sent during a verification process and that clients should handle other clients doing so, but not themselves send the start event first. Signed-off-by: Sumner Evans <[email protected]>
Signed-off-by: Sumner Evans <[email protected]>
|
Suddenly there's an awful lot changing in this PR, and it's quite hard to review... |
| this example, Bob's device sends the `m.key.verification.start`, Alice's device | ||
| could also send that message. As well, the order of the | ||
| `m.key.verification.done` messages could be reversed. | ||
| send [`m.key.verification.request`](#mkeyverificationrequest) events to all of |
There was a problem hiding this comment.
For what it's worth, it's not obvious to me that making every single reference to an event into a hyperlink improves readability - as long as the first reference is a hyperlink, I think that would be fine. (Also, it means that all the text in the section is being reformatted, which makes it very hard to see what's actually changing in the text.)
But given it's done now, I'll not insist on it being changed back.
| @@ -4,8 +4,9 @@ allOf: | |||
|
|
|||
| description: |- | |||
| Requests a key verification using to-device messaging. When requesting a key | |||
| verification in a room, a `m.room.message` should be used, with | |||
| [`m.key.verification.request`](#mroommessagemkeyverificationrequest) as msgtype. | |||
| verification in a room, a [`m.room.message`](#mroommessage should be used, | |||
There was a problem hiding this comment.
| verification in a room, a [`m.room.message`](#mroommessage should be used, | |
| verification in a room, a [`m.room.message`](#mroommessage) should be used, |
| of his other devices may support the request. Instead, Bob's device should tell | ||
| Bob that no supported method was found, and allow him to manually reject the | ||
| request. | ||
| Upon receipt of Alice's [`m.key.verification.request`](#mkeyverificationrequest) |
There was a problem hiding this comment.
I think linking to #mkeyverificationrequest incorrectly gives the impression that this only applies to to-device messages:
| Upon receipt of Alice's [`m.key.verification.request`](#mkeyverificationrequest) | |
| Upon receipt of Alice's `m.key.verification.request` |
| [`m.key.verification.request`](#mkeyverificationrequest), | ||
| [`m.key.verification.start`](#mkeyverificationstart), or | ||
| [`m.key.verification.cancel`](#mkeyverificationcancel) messages. |
There was a problem hiding this comment.
Again, this applies as much to in-room m.key.verification.request events as to-device events.
| [`m.key.verification.request`](#mkeyverificationrequest), | |
| [`m.key.verification.start`](#mkeyverificationstart), or | |
| [`m.key.verification.cancel`](#mkeyverificationcancel) messages. | |
| `m.key.verification.request`, `m.key.verification.start` or | |
| `m.key.verification.cancel` messages. |
| @@ -643,8 +655,8 @@ success. A failed attack would result in a mismatched Short | |||
| Authentication String, alerting users to the attack. | |||
|
|
|||
| To advertise support for this method, clients use the name `m.sas.v1` in the | |||
| `methods` fields of the `m.key.verification.request` and | |||
| `m.key.verification.ready` events. | |||
| `methods` fields of the [`m.key.verification.request`](#mkeyverificationrequest) | |||
| The event ID of the `m.key.verification.request` that this message is | ||
| related to. | ||
| The event ID of the | ||
| [`m.key.verification.request`](#mkeyverificationrequest) that this |
There was a problem hiding this comment.
| [`m.key.verification.request`](#mkeyverificationrequest) that this | |
| [`m.key.verification.request`](#mroommessagemkeyverificationrequest) that this |
| Note that sending a start event without a request is deprecated, and | ||
| clients should not send a start event without first sending a request | ||
| event, but clients should handle other clients doing so. |
There was a problem hiding this comment.
| Note that sending a start event without a request is deprecated, and | |
| clients should not send a start event without first sending a request | |
| event, but clients should handle other clients doing so. | |
| Note that sending a `start` event without a `request` is deprecated, and | |
| clients should not send a `start` event without first sending a `request` | |
| event, but clients should handle other clients doing so. |
| Note that sending a start event without a request is deprecated, and | ||
| clients should not send a start event without first sending a request | ||
| event, but clients should handle other clients doing so. |
There was a problem hiding this comment.
| Note that sending a start event without a request is deprecated, and | |
| clients should not send a start event without first sending a request | |
| event, but clients should handle other clients doing so. | |
| Note that sending a `start` event without a `request` is deprecated, and | |
| clients should not send a `start` event without first sending a `request` | |
| event, but clients should handle other clients doing so. |
| Required when sent as an in-room message unless the start event is | ||
| sent without a corresponding | ||
| [`m.key.verification.request`](#mkeyverificationrequest). | ||
|
|
||
| Indicates the | ||
| [`m.key.verification.request`](#mkeyverificationrequest) that this | ||
| message is related to. Note that for encrypted messages, this | ||
| property should be in the unencrypted portion of the event. |
There was a problem hiding this comment.
again, these are linking to the wrong m.key.verification.request
| properties: | ||
| rel_type: | ||
| type: string | ||
| enum: | ||
| - m.reference | ||
| description: |- | ||
| The relationship type. Currently, this can only be an | ||
| [`m.reference`](/client-server-api/#reference-relations) | ||
| relationship type. | ||
| event_id: | ||
| type: string | ||
| description: |- | ||
| The event ID of the | ||
| [`m.key.verification.request`](#mkeyverificationrequest) that | ||
| this message is related to. | ||
| type: object | ||
| title: VerificationRelatesTo |
There was a problem hiding this comment.
it should be possible to inherit these, but override the description. Probably something like:
m.relates_to:
allOf:
- $ref: m.key.verification.m.relates_to.yaml
- description: |-
... blah
|
@sumnerevans are you still interested in working on this? |
e2ee/device verification: move general error handling under framework
Most of the "Error and exception handling" section is generally applicable to other verification methods besides SAS, so I moved those bullet points under "Key verification framework".
e2ee/device verification/error handling: fix typo start -> request
It used to be possible to create a start request without a request, but this was deprecated.
m.key.verification.start: remove wording that it is typically to-device
It can be either a to-device event or an in-room-event.
e2ee/device verification: normalize all links
Changes the format of all links in the Device Verification section to be:
This involved adding links in a bunch of places, but also changing many links that did not have code within them to have the backticks.
e2ee/device verification start: clarify required nature of transaction_id or m.relates_to
Add notes about the fact that the start event may be the first event sent during a verification process and that clients should handle other clients doing so, but not themselves send the start event first.
Signed-off-by: Sumner Evans [email protected]
Pull Request Checklist
Preview: https://pr1830--matrix-spec-previews.netlify.app