From f2b51f6a62e660f100e01aa2206028f149367c80 Mon Sep 17 00:00:00 2001 From: timedout Date: Sat, 21 Mar 2026 16:46:52 +0000 Subject: [PATCH 1/2] Clarify how multiple signatures should be handled during verification Signed-off-by: timedout --- content/server-server-api.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/content/server-server-api.md b/content/server-server-api.md index 8bc0d28b..eb66d9a4 100644 --- a/content/server-server-api.md +++ b/content/server-server-api.md @@ -1484,10 +1484,9 @@ the Policy Server for a signature too. When a server receives an event over federation from another server, the receiving server should check the hashes and signatures on that event. -First the signature is checked. The event is redacted following the -[redaction -algorithm](/client-server-api#redactions), and -the resultant object is checked for a signature from the originating +First the signatures are checked. The event is redacted following the +[redaction algorithm](/client-server-api#redactions), and +the resultant object is checked for signatures from the originating server, following the algorithm described in [Checking for a signature](/appendices#checking-for-a-signature). Note that this step should succeed whether we have been sent the full event or a @@ -1503,7 +1502,7 @@ The signatures expected on an event are: Other room versions do not track the `event_id` over federation and therefore do not need a signature from those servers. -If the signature is found to be valid, the expected content hash is +If all signatures from known keys are found to be valid, the expected content hash is calculated as described below. The content hash in the `hashes` property of the received event is base64-decoded, and the two are compared for equality. From e3744b1deea3fd001185af24acc1b466da9d23bb Mon Sep 17 00:00:00 2001 From: timedout Date: Sat, 21 Mar 2026 16:51:17 +0000 Subject: [PATCH 2/2] Add changelog entry Signed-off-by: timedout --- changelogs/server_server/newsfragments/2341.clarification | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelogs/server_server/newsfragments/2341.clarification diff --git a/changelogs/server_server/newsfragments/2341.clarification b/changelogs/server_server/newsfragments/2341.clarification new file mode 100644 index 00000000..868c353e --- /dev/null +++ b/changelogs/server_server/newsfragments/2341.clarification @@ -0,0 +1 @@ +Clarify how multiple signatures should be handled during signature verification. Contributed by @nexy7574.