Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSC 1659 Proposal: Change Event IDs to Hashes #1659

Merged
merged 16 commits into from
Jan 30, 2019
Merged

MSC 1659 Proposal: Change Event IDs to Hashes #1659

Changes from 2 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
67c6edb
MSC 1640 Proposal: Change Event IDs to Hashes
erikjohnston Sep 5, 2018
4c595fd
Update with conclusions of open questions
erikjohnston Oct 2, 2018
9a87a80
Fixup paragraph
erikjohnston Jan 22, 2019
aebdf2e
Fixup and expand
erikjohnston Jan 22, 2019
5e75c29
Spell out changes to event format and APIs
erikjohnston Jan 22, 2019
cb51a11
Expand changes to api section
erikjohnston Jan 22, 2019
54d9a7e
Grammar
erikjohnston Jan 22, 2019
25115c4
Make the sentence make sense
erikjohnston Jan 22, 2019
74f496b
Update proposals/1640-event-id-as-hashes.md
uhoreg Jan 23, 2019
41b1855
Fixup wording of redactions
erikjohnston Jan 23, 2019
7d5a051
Update proposals/1640-event-id-as-hashes.md
uhoreg Jan 24, 2019
583179a
Clarify we're using unpadded base64
erikjohnston Jan 24, 2019
f9a8526
Move MSC number
erikjohnston Jan 24, 2019
ad96ae0
Explicitly state this will be a new v3 room version
erikjohnston Jan 24, 2019
af34773
Update 1659-event-id-as-hashes.md
neilisfragile Jan 29, 2019
66dc771
Update proposals/1659-event-id-as-hashes.md
KitsuneRal Jan 30, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions proposals/1640-event-id-as-hashes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
# Changing Event IDs to be Hashes

## Motivation

Having event IDs separate from the hashes leads to issues when a server
receives multiple events with the same event ID but different hashes.
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved
While APIs could be changed to better support dealing with this
situation, it is easier and nicer to simply drop the idea of a separate
event ID entirely.
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved

## Identifier Format
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved

Currently hashes in JSON include the hash name, allowing servers to
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved
choose which hash functions to use. The idea here was to allow a gradual
change between hash functions without the need to globally coordinate
shifting from one hash function to another.

However now that room versions exist, changing hash functions can be
achieved by bumping the room version. Using this method would allow
using a simple string as the event ID rather than a full structure,
significantly easing their usage.

One side effect of this would be that there would be no indication about
which hash function was actually used, and it would need to be inferred
from the room version. To aid debuggability it may be worth encoding the
hash function into the ID format.

**Conclusion:** Don't encode the hash function, since the hash will depend on
the version specific redaction algorithm anyway.

## Protocol Changes
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved

The `auth_events` and `prev_events` fields on an event need to be
changed from a list of tuples to a list of strings, i.e. remove the old
event ID and simply have the list of hashes.

The auth rules also need to change:

- The event no longer needs to be signed by the domain of the event ID
(but still needs to be signed by the sender’s domain)

- In redactions we currently allow them if the domain of the redaction
erikjohnston marked this conversation as resolved.
Show resolved Hide resolved
event ID matches the domain of the event ID its redacting. This
allows self redaction for servers, but would no longer be possible
and there isn’t an obvious way round it.
The only practical suggestion to this is to accept the redactions and only
check if we should redact the target event once we received the target
event.