-
-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add spec for shared-history room keys (MSC3061) #1655
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we push this to the spec, considering the problems which were subsequently discovered with this MSC3061?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pending a decision about wtf we are doing here
Given this completed FCP, it belongs in the spec. If we want to rip it out the spec again, that will require a new MSC. |
Apparently there are security concerns, specifically around sharing keys for past messages. We'll disclose more details in a few weeks, and then we can decide how best to proceed here. |
Co-authored-by: Johannes Marbach <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
clearing team review request while awaiting security impact
With the recent migration of element clients to the rust SDK this introduced a regression of the spec (Breaks historical room key sharing feature). Any updates on this @turt2live ? |
The reason this was blocked was disclosed in https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/ and the associated advisories. The plan forward is outlined in this section. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Formalizing "proposed spec changes" at https://matrix.org/blog/2024/10/security-disclosure-matrix-js-sdk-and-matrix-react-sdk/#proposed-specification-changes as requiring action. That future MSC will have impact on this spec PR's text.
MSC3061 has been un-merged, so we're going to abandon this for now. |
spec PR for matrix-org/matrix-spec-proposals#3061
Preview: https://pr1655--matrix-spec-previews.netlify.app