Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2025-12-27 03:18:37 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add information about verifying backup by entering key

Browse source
This commit is contained in:
Hubert Chathi 2019-07-31 16:37:54 -04:00
parent 1c4262e556
commit 825757ffd8
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
proposals/1219-storing-megolm-keys-serverside.md
View file

@ -493,7 +493,10 @@ key backup. This proposal does not attempt to protect against that.
An attacker who gains access to a user's account can create a new backup
version using a key that they control. For this reason, clients SHOULD confirm
with users before sending keys to a new backup version or verify that it was
created by a trusted device by checking the signature.
created by a trusted device by checking the signature. One way to confirm the
new backup version if the signature cannot be checked is by asking the user to
enter the recovery key, and confirming that the backup's public key matches
what is expected.
Other Issues
------------