Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-01-04 06:53:42 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

pepper is not a secret val. Still needs to be around.

Browse source
This commit is contained in:
Andrew Morgan 2019-07-24 15:27:48 +01:00
parent 3b8c57e06c
commit 8f3e588708
1 changed files with 16 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
proposals/2134-identity-hash-lookup.md
View file

@ -7,9 +7,9 @@ its contacts have registered a Matrix account, it performs a lookup against
an identity server. The client currently sends all of its contact details in
the form of plain-text addresses, meaning that the identity server can
identify and record every third-party ID (3PID) of the user's contacts. This
allows the identity server is able to collect email addresses and phone
numbers that have a high probability of being connected to a real person.
This data could then be used for marketing, political campaigns, etc.
allows the identity server to collect email addresses and phone numbers that
have a high probability of being connected to a real person. This data could
then be used for marketing, political campaigns, etc.
However, if these email addresses and phone numbers are hashed before they are
sent to the identity server, the server would have a more difficult time of
@ -71,10 +71,14 @@ denny@example.com
```
The client will hash each 3PID as a concatenation of the medium and address,
separated by a space and a pepper appended to the end. Note that phone numbers
should be formatted as defined by
separated by a space and a pepper appended to the end. Note that phone
numbers should be formatted as defined by
https://matrix.org/docs/spec/appendices#pstn-phone-numbers, before being
hashed). First the client must append the medium to the address:
hashed). Note that "pepper" in this proposal simply refers to a public,
opaque string that is used to produce different hash results between identity
servers. Its value is not secret.
First the client must append the medium to the address:
```
"alice@example.com" -> "alice@example.com email"
@ -102,12 +106,11 @@ GET /_matrix/identity/v2/hash_details
The name `lookup_pepper` was chosen in order to account for pepper values
being returned for other endpoints in the future. The contents of
`lookup_pepper` MUST match the regular expression `[a-zA-Z0-9]+` (unless no
hashing is being performed, as described below). If hashing is being
performed, and `lookup_pepper` is an empty string, clients MUST cease the
lookup operation.
`lookup_pepper` MUST match the regular expression `[a-zA-Z0-9]+`, whether
hashing is being performed or not. When no hashing is occuring, a pepper
value of at least length 1 is still required.
If hashing, the client should append the pepper to the end of the 3PID string.
If hashing, the client appends the pepper to the end of the 3PID string.
```
"alice@example.com email" -> "alice@example.com emailmatrixrocks"
@ -264,7 +267,8 @@ POST /_matrix/identity/v2/lookup
Note that even though we haven't used the `lookup_pepper` value, we still
include the same one sent to us by the identity server in `/hash_details`.
The identity server should still return `400 M_INVALID_PEPPER` if the pepper
is incorrect. This is intended to make implementation simpler.
is incorrect. This simplifies things and can help ensure the client is
requesting `/hash_details` properly before each lookup request.
Finally, the identity server will check its database for the Matrix user IDs
it has that correspond to these 3PID addresses, and returns them: