-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve the server key exchange portion of the s2s specification #1423
Conversation
debc062
to
5fb786b
Compare
5fb786b
to
87d1672
Compare
Most of the text has been shuffled into the swagger definitions to bring it closer to where it matters. This also attempts to clarify what is out in the wild. Most importantly, the first version of the key exchange is outright removed from the specification. Other research points/questions are: * What is a "Key ID"? * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/local_key_resource.py#L81-L83 * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/local_key_resource.py#L88-L91 * Returning a cached response if the server throws a 400, 500, or otherwise not-offline status code * https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/remote_key_resource.py#L227-L229 * `minimum_valid_until_ts` default * This branch of the ladder: https://github.com/matrix-org/synapse/blob/1241156c82644d5609f45659607a356af5d8fe08/synapse/rest/key/v2/remote_key_resource.py#L192 * Returning empty arrays when querying offline/no servers * Queried by hand against matrix.org as a notary server with a fake domain name to query * Returning all keys even when querying for specific keys * Queried by hand using matrix.org as a notary server against a server publishing multiple keys. The examples and descriptions were also improved as part of this commit.
87d1672
to
8e97b0c
Compare
required: true | ||
example: "Base+64+Encoded+Signature+Verification+Key" | ||
example: "VGhpcyBzaG91bGQgYmUgYSByZWFsIGVkMjU1MTkgcGF5bG9hZA==" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if it's unpadded base64... why is this padded?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(this is a theme throughout the examples)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because I did the examples before the docs in this case. Will fix.
} | ||
} | ||
properties: | ||
expired_ts: | ||
type: integer | ||
format: int64 | ||
description: The expiration time. | ||
description: POSIX timestamp for when this key expired. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
normally we explicitly say it's in ms.
} | ||
} | ||
properties: | ||
expired_ts: | ||
type: integer | ||
format: int64 | ||
description: The expiration time. | ||
description: POSIX timestamp for when this key expired. | ||
required: true | ||
example: 922834800000 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
funny-looking timestamp.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's from 1999. Considering this is the "expired" parameter, it seems fine? (it's also ported from ancient docs)
Edit: will make more modern.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, the problem is that I expect timestamps to start with 14 or 15 or so; when I see one starting with a 9 I wonder if it is actually a posix timestamp.
api/server-server/keys_query.yaml
Outdated
description: |- | ||
Query for keys from multiple servers in a batch format. The receiving (notary) | ||
server must sign the keys returned by the queried servers. | ||
operationId: postQueryKeys |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure this is a better operationId
api/server-server/keys_server.yaml
Outdated
description: |- | ||
Gets the homeserver's published TLS fingerprints and signing keys. | ||
The homeserver may have any number of active keys and may have a | ||
number of old keys. Homeservers SHOULD return a single JSON object |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure they SHOULD... tbh I think it's a bug in synapse that they do.
maybe we should deprecate the keyId
parameter?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deprecating seems best, given both synapse and dendrite ignore it.
api/server-server/keys_server.yaml
Outdated
operationId: getServerKey | ||
parameters: | ||
- in: path | ||
name: keyId | ||
type: string | ||
description: Key ID | ||
description: |- | ||
The key ID to look up. If omitted or empty, all server keys are |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this conflicts with the text in the description,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How so? The argument is optional, so the last bit here is to reinforce what should happen when the parameter isn't provided.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well, it's incorrect by omission. Apparently it should be ignored?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose. Will update alongside deprecation.
specification/server_server_api.rst
Outdated
|
||
Each homeserver publishes its public keys under ``/_matrix/key/v2/server/``. | ||
Homeservers query for keys by either getting ``/_matrix/key/v2/server/`` | ||
Each homeserver publishes its public keys under ``/_matrix/key/v2/server/{keyId}`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
missing `
@@ -87,10 +97,12 @@ properties: | |||
properties: | |||
sha256: | |||
type: string | |||
description: The encoded fingerprint. | |||
example: Base+64+Encoded+SHA-256-Fingerprint | |||
description: The `Unpadded Base64`_ encoded fingerprint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
given we now say this is unpadded base64, we can probably remove it from the description
on tls_fingerprints
.
description: |- | ||
Public keys of the homeserver for verifying digital signatures. | ||
|
||
The object's key is the algorithm and version combined (``ed25519`` being the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should have some words here about what constitutes a valid version
. I don't know if you want to grasp that particular nettle right now though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like synapse uses [a-zA-Z0-9_]
- is it fair to say that it must match that regex?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, that sounds good. let's go with it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@richvdh should be updated. Please take another look. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks amazing. sorry for forgetting to review it.
\o/ one down, half a billion to go :) Thanks for taking a look |
Rendered: See "docs" commit status.
Most of the text has been shuffled into the swagger definitions to bring it closer to where it matters.
This also attempts to clarify what is out in the wild. Most importantly, the first version of the key exchange is outright removed from the specification. Other research points/questions are:
minimum_valid_until_ts
defaultThe examples and descriptions were also improved as part of this commit.