This repository has been archived by the owner on May 6, 2020. It is now read-only.

E2E: Bidirectional user verification #233

Open
6 of 17 tasks
Tracked by #222
lampholder opened this issue Oct 19, 2018 · 2 comments

@lampholder
Member

lampholder commented Oct 19, 2018

interactive (SAS) verification

  • spec
    • decide what emoji to use
    • decide how many bits to verify (i.e. the size of the SAS)
    • decide on any other outstanding issues
    • get the MSC accepted
  • synapse: no work needed
  • libolm
    • SAS module (or any better name)
      • create/delete session
      • generate SAS code (as an array of numbers)
      • hash data
  • js-sdk (and android-sdk, ios-sdk)
    • handle sending/receiving to_device messages
  • react-sdk (and riot-android, riot-ios)
    • convert SAS code from olm into something human-readable (hex/words/emoji)
    • general UI work

QR code

  • spec
    • decide how to prevent Bob from blindly clicking "OK" before Alice's device gives the 👍
    • decide on any other outstanding issues
    • get the MSC accepted
  • synapse: no work needed
  • libolm: no work needed
  • js-sdk (and android-sdk, ios-sdk)
    • handle sending/receiving to_device messages
    • generate URL for QR code
    • verify URL from QR code
  • react-sdk (and riot-android, riot-ios)
@nadonomy

Note: @lampholder and I just had a discussion where we raised that monodirectional first, and updating to bidirectional isn't without fault.

Is it better to just ship 'verification' once and not have a security system change? Does that reduce user confusion/inspire more confidence in our security?

@uhoreg
Member

uhoreg commented Nov 8, 2018

interactive (SAS) verification

  • spec
    • decide what emoji to use
    • decide how many bits to verify (i.e. the size of the SAS)
    • decide on any other outstanding issues
    • get the MSC accepted
  • synapse: no work needed
  • libolm
    • SAS module (or any better name)
      • create/delete session
      • generate SAS code (as an array of numbers)
      • hash data
  • js-sdk (and android-sdk, ios-sdk)
    • handle sending/receiving to_device messages
  • react-sdk (and riot-android, riot-ios)
    • convert SAS code from olm into something human-readable (hex/words/emoji)
    • general UI work

QR code

  • spec
    • decide how to prevent Bob from blindly clicking "OK" before Alice's device gives the 👍
    • decide on any other outstanding issues
    • get the MSC accepted
  • synapse: no work needed
  • libolm: no work needed
  • js-sdk (and android-sdk, ios-sdk)
    • handle sending/receiving to_device messages
    • generate URL for QR code
    • verify URL from QR code
  • react-sdk (and riot-android, riot-ios)
