Clarify the rationale and motive for blanket IP banning and port exclusion

2026-01-04 06:53:42 +01:00 · 2018-08-27 16:14:37 -06:00 · 2018-08-27 16:14:37 -06:00 · 76afef79f8
parent 82be6077ff
commit 76afef79f8
2 changed files with 9 additions and 2 deletions
--- a/event-schemas/schema/m.room.server_acl
+++ b/event-schemas/schema/m.room.server_acl
@ -51,6 +51,10 @@ properties:
        description: |-
          True to allow server names that are IP address literals. False to
          deny. Defaults to true if missing or otherwise not a boolean.
+
+          This is strongly recommended to be set to ``false`` as servers running
+          with IP literal names are strongly discouraged in order to require 
+          legitimate homeservers to be backed by a valid registered domain name.
      allow:
        type: array
        description: |-
--- a/specification/modules/server_acls.rst
+++ b/specification/modules/server_acls.rst
@ -17,7 +17,7 @@ Server Access Control Lists (ACLs) for rooms

 .. _module:server-acls:

-In some scenarios room operators may wish to prevent a malicous or untrusted
+In some scenarios room operators may wish to prevent a malicious or untrusted
 server from participating in their room. Sending an `m.room.server_acl`_ state
 event into a room is an effective way to prevent the server from participating
 in the room at the federation level.
@ -30,7 +30,10 @@ similar to setting the ``m.federate`` value on the `m.room.create`_ event.

 .. Note::
   Port numbers are not supported because it is unclear to parsers whether a
-   port number should be matched or an IP address literal.
+   port number should be matched or an IP address literal. Additionally, it
+   is unlikely that one would trust a server running on a particular domain's
+   port but not a different port, especially considering the server host can
+   easily change ports.

 .. Note::
   CIDR notation is not supported for IP addresses because Matrix does not