Merge pull request #414 from matrix-org/markjh/replays

Document the requirement that clients track the message_index
Mark Haines 2016-10-21 16:52:52 +01:00 committed by GitHub
commit 8a99d531a9


@ -328,6 +328,12 @@ decrypted by passing the ciphertext into ``olm_group_decrypt``.
__ `m.room_key`_ __ `m.room_key`_
In order to avoid replay attacks a client should remember the megolm
``message_index`` returned by ``olm_group_decrypt`` of each event they decrypt
for each session. If the client decrypts an event with the same
``message_index`` as one that it has already received using that session then
it should treat the message as invalid.
The client should check that the sender's fingerprint key matches the The client should check that the sender's fingerprint key matches the
``keys.ed25519`` property of the event which established the Megolm session ``keys.ed25519`` property of the event which established the Megolm session
when `marking the event as verified`_. when `marking the event as verified`_.
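Review bot: The added rule "If the client decrypts an event with the same ``message_index`` as one that it has already received using that session" does not say what counts as "already received", so a client that decrypts the same event a second time (for example after fetching it again from the server) would have to treat a legitimate message as invalid. Suggest saying that the client stores an identifier of the event alongside each ``message_index`` for the session, and rejects only when the index matches but the event is a different one. It would also help to state that "remember" means the record survives a client restart, since a replay after restart is otherwise undetected. Minor style point: the paragraph switches from "they decrypt" to "it should treat" for the same client.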