Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-02-16 11:03:42 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1833 from matrix-org/travis/misc/domain-security

Browse source 
Document domain reuse concerns
This commit is contained in:
Travis Ralston 2019-01-31 16:07:21 -07:00 committed by GitHub
parent 0f3aa3fa8a 48e4d6e412
commit fb36757869
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
specification/server_server_api.rst
View file

@ -1303,6 +1303,16 @@ Example code
known hash functions like SHA-256 when none of the keys have been redacted]] known hash functions like SHA-256 when none of the keys have been redacted]]
Security considerations
-----------------------
When a domain's ownership changes, the new controller of the domain can masquerade
as the previous owner, receiving messages (similarly to email) and request past
messages from other servers. In the future, proposals like
`MSC1228 <https://github.com/matrix-org/matrix-doc/issues/1228>`_ will address this
issue.
.. |/query/directory| replace:: ``/query/directory`` .. |/query/directory| replace:: ``/query/directory``
.. _/query/directory: #get-matrix-federation-v1-query-directory .. _/query/directory: #get-matrix-federation-v1-query-directory