Open theotheroracle opened 2 years ago
one issue is x-signing verify over an encrypted chat wouldn't be very secure, so it could theoretically be with a "verifier user" who set up the bot and verified with the account could verify the new mods through another channel like a call or something
"Verified" needs definition. Hopefully the Matrix 2.0 invisible crypto project can help with that.
Is your feature request related to a problem? Please describe.
blocked by e2e

Describe the solution you'd like
only allow the bot to be accessed by users from verified sessions so if a user is compromised they still can't access the bot

Describe alternatives you've considered
maybe a password to run commands but i can't think of a way to do that that isn't horrible to use

Additional context
this would allow a room to be fully moderated by a moderation team with only one account having admin in the room, reducing the attack surface