Manually Request access to history when joining a restricted room that allows it. #750

Open
BillCarsonFr opened this issue Oct 13, 2022 · 2 comments
Labels
A-E2EE A-Room O-Occasional Affects or can be seen by some users regularly or most users rarely T-Enhancement Team: Crypto Z-Chronic

Comments

@BillCarsonFr
Member

BillCarsonFr commented Oct 13, 2022

Related to this epic

Inspired by the knocking join rule: when joining a room, a user should be able to request access to history.

Existing members of the room with enough power level should be able to manually accept and forward history keys.

By requiring an existing member to manually accept, we limit the process (extracting historical keys) and potential surface of attack.

Might require Spec work, to send keys in batch instead of one by one:

@karlabbott
Contributor

This would be an excellent feature to have in my opinion!

@dkasak
Member

dkasak commented Jun 25, 2024

This only makes sense iff:

  • Device signing is mandated, as in MSC4153, and
  • Either:
    • The user was invited into the room via an MSC3917-style mechanism, or
    • The user that's being invited was previously verified by the inviter, or
    • The user that's being invited had their cryptographic identity previously pinned via a TOFU mechanism (but in this case, we offer a much reduced level of protection in a malicious homeserver environment)
