Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

we do not correctly honour the validity period on server signing keys #4364

Closed
richvdh opened this issue Jan 8, 2019 · 2 comments
Closed

we do not correctly honour the validity period on server signing keys #4364

richvdh opened this issue Jan 8, 2019 · 2 comments
Assignees
@richvdh

Comments

@richvdh
Copy link
Member

richvdh commented Jan 8, 2019
edited
Loading

when we ask a server for its signing keys, it gives us a validity period, after which we should not accept federation requests signed by those keys, nor should we accept events with an origin_server_ts older than the validity period.

We need to start enforcing that
@richvdh
Copy link
Member Author

richvdh commented Jan 8, 2019

(this is likely to need a room version bump)

@neilisfragile neilisfragile added v1.0 and removed r0 P2 labels Feb 28, 2019
@neilisfragile neilisfragile mentioned this issue Mar 20, 2019
Closed
@turt2live turt2live mentioned this issue Mar 20, 2019
Closed
@neilisfragile neilisfragile mentioned this issue May 24, 2019
Closed
@turt2live turt2live mentioned this issue May 24, 2019
Closed
@richvdh richvdh mentioned this issue Jun 4, 2019
Merged
richvdh added a commit that referenced this issue Jun 5, 2019
@richvdh
Implement room v5 which enforces signing key validity
d18e4ea 
Implements [MSC2077](matrix-org/matrix-spec-proposals#2077) and
fixes #5247 and #4364.
@richvdh richvdh mentioned this issue Jun 5, 2019
Merged
@richvdh
Copy link
Member Author

richvdh commented Jun 6, 2019

fixed by room v5 (#5354)

@richvdh richvdh closed this as completed Jun 6, 2019
@anoadragon453 anoadragon453 mentioned this issue Jul 23, 2019
Closed
@matrixbot matrixbot mentioned this issue Oct 31, 2024
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@richvdh richvdh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neilisfragile @richvdh