-
-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify that join events only need to be signed by resident servers if using join_authorised_via_users_server
#1708
Comments
For context: As mentioned in matrix-org/synapse#16717 / element-hq/synapse#16717, when joining a room, Conduit relies on the behavior currently written in the spec, which Synapse does not implement; and the change @erikjohnston suggests would make the spec consistent with Synapse. |
…ng restricted joins should resolve matrix-org/matrix-spec#1708 on for conduwuit until spec clarifies. Signed-off-by: strawberry <strawberry@puppygock.gay>
…ng restricted joins should resolve matrix-org/matrix-spec#1708 on for conduwuit until spec clarifies. Signed-off-by: strawberry <strawberry@puppygock.gay>
If the signature is not needed, the server does not need to send the |
Could you be clearer about what you mean here? Naively: if servers don't send out join events, how do other servers in the room know that a user has joined? |
The response to /send_join has a field called |
Seems like the current behavior in the spec was intended, so Synapse is likely in the wrong here. |
I'm unsure if you're agreeing or disagreeing with the behavior in the issue. But the current spec and the MSC agree that the resident server only needs to sign the event in the case of a restricted join. This is explained in the description of |
I'm disagreeing, because what the spec says is very explicit.
The spec doesn't seem to, and requires it if the room version supports restricted joins:
https://spec.matrix.org/v1.10/server-server-api/#put_matrixfederationv2send_joinroomideventid |
A separate part of the spec is what I was referring to:
The MSC is explicit that not all events have to be signed by the resident server, see footnote 3:
The text in the spec may not be fully clear, but the behavior in conduit is incorrect. The resident server signature is only required when a user is joining via a restricted join. I would welcome an MSC that has the resident server always sign this event. |
Ah, seems you're correct, my bad. I will write a spec PR shortly, since this seems like an easy fix. |
Must admit that I am slightly struggling to wrap my head around this, so let me try to set it out step by step. As I understand it:
In other words: there are two factors at play:
|
I've probably missed something here, but my proposal for dealing with it would be:
|
I think this is a backwards way of looking at it. I would reword your two factors:
For the first item, I'm of the opinion it is clear in the MSC: the signature should only be populated in situations where the join is authorized via one of the allow rules. In other situations the resident server should not sign the event. For the second item, which seems to be the crux of this issue, I disagree that Synapse uses the fourth interpretation. It uses the first interpretation, but is lazy about it and just always returns the If you take my interpretation about when to sign as correct then (Note much of this is from my memory between conversations with @erikjohnston while designing this feature. I agree the MSC is vague, but the above was the intention in the wording.) |
I think this makes sense if by the first one you mean |
Mmm ok. I think the point is that the MSC, and spec, only attempt to define behaviour in the first situation. As far as I can see, there is no mention in the MSC about situations in which it makes sense to return the event without having also signed it.
Ok. Is that the same as my "fourth interpretation" ("only for joins to rooms where the join_rules are set to restricted, and the user is joining by virtue of an allow rule in the join restrictions")? And the same as what Synapse is doing? I think it is.
According to what definition? I don't see this in any MSCs, other than being mentioned as a future aspiration in MSC3083.
Again, I dispute that. |
Having discussed this further with @clokep (https://matrix.to/#/!NasysSDfxKxZBzJJoE:matrix.org/$0aRyYMjrzKlDeRHFSFQiNGQv_GgqlWaxGR6HFPhOmHs?via=matrix.org&via=envs.net&via=element.io etc), I think we're actually aligned on the solution here. Using @clokep's wording: Servers should return This requires a change to the spec to be clearer about when |
I tried to clarify this again in #1840. |
Link to problem area: https://spec.matrix.org/v1.9/server-server-api/#put_matrixfederationv2send_joinroomideventid
The join event only needs a signature from a resident server if joining via the restricted join rules flow, i.e.
join_authorised_via_users_server
is specified.c.f. MSC3083 and Room Version 8 auth rules
The text was updated successfully, but these errors were encountered: