MSC3983: Sending One-Time Key (OTK) claims to appservices #3983
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -103,6 +103,24 @@ to have a namespace covering the user: instead of guessing or going around to ea | |
| user to be in an exclusive namespace. This guarantees that there's only one appservice responsible | ||
| for the user. | ||
|
|
||
| ## Returning extra keys | ||
|
|
||
| **TODO**: This is probably best as its own MSC. | ||
|
|
||
| Independent of the appservice having `/keys/claim` proxied to it, it may be desireable for both the | ||
| fallback and one-time key to be returned. Servers should *always* include the fallback key alongside | ||
| the requested OTKs. When using this proposal's new endpoint, the server should use the fallback key | ||
| from the appservice's response rather than a previously stored fallback key, if present (if the | ||
| appservice doesn't respond with a fallback key then the server uses the stored fallback key instead, | ||
| if known). | ||
|
Comment on lines
+112
to
+115
There was a problem hiding this comment. This doesn't define if the appservice should be queried for fallback keys if a OTK is in the database. There was a problem hiding this comment. In lieu of MSC text: the appservice is supposed to be queried, similar to MSC3984 where the server uses what it knows if the appservice didn't provide it. There was a problem hiding this comment. Actually I suppose the text in the MSC is enough as is:
This would not match what you just wrote though and would mean it is not possible for an appservice to only provide fallback keys. I'm not sure if that's a good thing or a bad thing though. 🤷 If we really do want that then I think we want to use different endpoints or something. Otherwise the appservice wouldn't know if we truly want to query for OTKs or only for fallback keys (it could end up returning OTKs which go unused?) |
||
|
|
||
| The server SHOULD NOT replace any uploaded fallback keys with ones returned by the appservice via | ||
| this proposal. The appservice MUST re-upload the fallback key if it wants to replace it, as it would | ||
| do upon first (known) use. | ||
|
|
||
| Clients can determine which of the keys returned is the fallback key by `fallback: true` on the returned | ||
| keys. | ||
|
|
||
| ## Potential issues | ||
|
|
||
| As described, the appservice could be offline or in fact experience a worse uptime than the homeserver. | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this enough of a change that it need to be a
v4of the endpoint, perhaps? (Or a query parameter which defaults to the current behavior?)There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it'd be fine, though open to thoughts. Currently clients appear to pick the "first" key returned, not validating if the extra data is useful to them. In theory this means we can include extra keys with no issues, though if there's a significant need to have it be a dedicated endpoint then let's do that.
We should probably only do this fallback stuff on an
/unstable/org.matrix.msc3983endpoint though, just in case.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
matrix-org/synapse#15462 implements this as a separate endpoint.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another piece of this I realized during implementation is if we need to also make a change on the federation side.