Closed: benparsons closed this 4 years ago
The API was designed for option 1, and mostly works for option 2, but it seems like the /room_keys/version API could work better with the PK encryption, and doesn't seem to support the "Verifying the device [new] with an existing device, so the device gets a copy of the recovery-key public key, and can start backing up into the same session" use case.
I think one way to support that is to have the client use the version API to upload the public key for the backup, signed with the device's signing key, along with the device ID. When a new device signs in and wants to back up to that version, then it prompts the user to verify one of the devices that signed the public key. Once the device has been verified, the new device can sign the public key and upload its signature, so that newer devices can check the public key by verifying that device. (Alternatively, we could integrate with the cross-signing data somehow, so that we don't need multiple signatures.)
I think most of this (other than uploading other signatures) can be done with the existing API by changing the contents of the auth_data.
@mscbot fcp merge ?
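The signing flow proposed in the comment above, as an added example that is not part of the thread and is not Synapse or matrix-js-sdk code: a device signs the backup public key, and a new device trusts that key only when a device the user has verified signed it. The auth_data layout (`public_key`, `signatures` keyed by device ID), the device IDs, the key string, the simplified canonical JSON and the helper names are all assumptions made for illustration.

```javascript
// Added example: keys, device IDs and field names are constructed.
const nodeCrypto = require('node:crypto');

// Simplified canonical JSON (assumption): sorted keys, no whitespace.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}
// Bytes that get signed: auth_data without its `signatures` member.
function signable(authData) {
  const { signatures, ...rest } = authData;
  return Buffer.from(canonical(rest));
}
// A device adds its Ed25519 signature over the backup public key.
function signAuthData(authData, deviceId, privateKey) {
  const sig = nodeCrypto.sign(null, signable(authData), privateKey).toString('base64');
  return { ...authData, signatures: { ...authData.signatures, [deviceId]: sig } };
}

// New device: accept the backup key only if a device the user has verified
// signed it. `verifiedDevices` maps device ID -> Ed25519 public KeyObject.
function trustedSigner(authData, verifiedDevices) {
  for (const [deviceId, sig] of Object.entries(authData.signatures || {})) {
    const key = verifiedDevices.get(deviceId);
    if (!key) continue; // a signature from an unverified device proves nothing
    const ok = nodeCrypto.verify(null, signable(authData), key, Buffer.from(sig, 'base64'));
    if (ok) return deviceId;
  }
  return null;
}

// Constructed scenario: OLDDEVICE creates the backup, NEWDEVICE joins it later.
function demo() {
  const oldDev = nodeCrypto.generateKeyPairSync('ed25519');
  const newDev = nodeCrypto.generateKeyPairSync('ed25519');
  let auth = signAuthData({ public_key: 'constructed-backup-key' }, 'OLDDEVICE', oldDev.privateKey);
  const verified = new Map([['OLDDEVICE', oldDev.publicKey]]);
  const before = trustedSigner(auth, verified);
  auth = signAuthData(auth, 'NEWDEVICE', newDev.privateKey); // new device co-signs
  const later = trustedSigner(auth, new Map([['NEWDEVICE', newDev.publicKey]]));
  // A public key substituted under the existing signatures must not verify.
  const swapped = trustedSigner({ ...auth, public_key: 'substituted-key' }, verified);
  return { before, later, swapped };
}
```

`later` is the case from the comment where a still newer device has verified only NEWDEVICE and can check the key through that device's signature.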
Team member @uhoreg has proposed to merge this. The next step is review by the rest of the tagged people:
No concerns currently listed.
Once at least 75% of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!
See this document for info about what commands tagged team members can give me.
:bell: This is now entering its final comment period, as per the review above. :bell:
The final comment period, with a disposition to merge, as per the review above, is now complete.
This issue should remain open because it is under the legacy process - we'll close it when the spec PR has been merged.
@uhoreg if you have proofs of implementation, please link to them here.
Synapse implementation: mainly in https://github.com/matrix-org/synapse/pull/4019, with some bits in https://github.com/matrix-org/synapse/pull/4123, https://github.com/matrix-org/synapse/pull/4580, https://github.com/matrix-org/synapse/pull/6189, and https://github.com/matrix-org/synapse/pull/5858 (the last one needs a bit of tweaking yet)
JS-SDK implementation: mainly in https://github.com/matrix-org/matrix-js-sdk/pull/736 with a bit in https://github.com/matrix-org/matrix-js-sdk/pull/786
Merged! :tada:
Documentation: https://github.com/matrix-org/matrix-doc/pull/1538
Author: @ara4n, @uhoreg
Date: 23/11/2017