Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-02-04 05:13:42 +01:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #414 from matrix-org/markjh/replays

Browse source 
Document the requirement that clients track the message_index
This commit is contained in:
Mark Haines 2016-10-21 16:52:52 +01:00 committed by GitHub
parent 888e6a9f3b cbf94c88c2
commit 8a99d531a9
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
supporting-docs/guides/2016-10-18-e2e_implementation.rst
View file

@ -328,6 +328,12 @@ decrypted by passing the ciphertext into ``olm_group_decrypt``.
__ `m.room_key`_
In order to avoid replay attacks a client should remember the megolm
``message_index`` returned by ``olm_group_decrypt`` of each event they decrypt
for each session. If the client decrypts an event with the same
``message_index`` as one that it has already received using that session then
it should treat the message as invalid.
The client should check that the sender's fingerprint key matches the
``keys.ed25519`` property of the event which established the Megolm session
when `marking the event as verified`_.