e2ee/device verification start: clarify required nature of transaction_id or m.relates_to

Add notes about the fact that the start event *may* be the first event sent during a verification process and that clients should handle other clients doing so, but not themselves send the start event first. Signed-off-by: Sumner Evans <sumner.evans@automattic.com>
2026-03-24 03:54:10 +01:00 · 2024-06-07 11:19:35 -06:00 · 2024-06-07 11:19:35 -06:00 · 4282a1a319
parent a79d5a66ed
commit 4282a1a319
1 changed files with 44 additions and 6 deletions
--- a/data/event-schemas/schema/m.key.verification.start.yaml
+++ b/data/event-schemas/schema/m.key.verification.start.yaml
@ -16,11 +16,20 @@ properties:
      transaction_id:
        type: string
        description: |-
-          Required when sent as a to-device message. An opaque identifier for
-          the verification process. Must be unique with respect to the devices
-          involved. Must be the same as the `transaction_id` given in the
-          `m.key.verification.request` if this process is originating from a
-          request.
+          Required when sent as a to-device message unless the start event is
+          sent without a corresponding
+          [`m.key.verification.request`](#mkeyverificationrequest).
+
+          An opaque identifier for the verification process. Must be unique
+          with respect to the devices involved.
+
+          Must be the same as the `transaction_id` given in the
+          [`m.key.verification.request`](#mkeyverificationrequest) if this
+          process is originating from a request.
+
+          Note that sending a start event without a request is deprecated, and
+          clients should not send a start event without first sending a request
+          event, but clients should handle other clients doing so.
      method:
        type: string
        description: |-
@ -32,7 +41,36 @@ properties:
          when the `method` chosen only verifies one user's key. This field will
          never be present if the `method` verifies keys both ways.
      m.relates_to:
-        $ref: m.key.verification.m.relates_to.yaml
+        description: |-
+          Required when sent as an in-room message unless the start event is
+          sent without a corresponding
+          [`m.key.verification.request`](#mkeyverificationrequest).
+
+          Indicates the
+          [`m.key.verification.request`](#mkeyverificationrequest) that this
+          message is related to. Note that for encrypted messages, this
+          property should be in the unencrypted portion of the event.
+
+          Note that sending a start event without a request is deprecated, and
+          clients should not send a start event without first sending a request
+          event, but clients should handle other clients doing so.
+        properties:
+          rel_type:
+            type: string
+            enum:
+              - m.reference
+            description: |-
+              The relationship type. Currently, this can only be an
+              [`m.reference`](/client-server-api/#reference-relations)
+              relationship type.
+          event_id:
+            type: string
+            description: |-
+              The event ID of the
+              [`m.key.verification.request`](#mkeyverificationrequest) that
+              this message is related to.
+        type: object
+        title: VerificationRelatesTo
    required:
      - from_device
      - method