Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2025-12-22 17:28:38 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
matrix-spec/proposals/3122-deprecate-starting-verifications-without-request.md
Travis Ralston f295e828dc
Fix non-permanent links in MSCs to withstand time (#3422) 
As "unstable" changes and "latest" becomes no more, these sorts of links should be updated to reference the approximate section they intended to reference at the time of writing.

This change tries to link up the relevant bits for the time of the proposal, though it's not a perfect match. Some MSCs were brought into the spec before an API version could be assigned to the "old" text, so github permalinks are used instead.
2021-10-12 12:04:27 -06:00

41 lines
1.4 KiB
Markdown
Raw Blame History

# MSC3122: Deprecate starting key verifications without requesting first
Currently, the [Key verification
framework](https://matrix.org/docs/spec/client_server/r0.6.1#key-verification-framework)
allows a device to begin a verification via to-device messages by sending an
`m.key.verification.start` event without first sending or receiving an
`m.key.verification.request` message. (The last sentence of the 5th paragraph
of the Key verification framework in the unstable spec, as of the time of
writing.) However, doing so does not provide a good user experience, and
allowing this adds unnecessary complexity to implementations.
We propose to deprecate allowing this behaviour.
Note that verifications in DMs do not allow this behaviour. Currently, Element
Web is the only client known to do this.
## Proposal
The ability to begin a key verification by sending an
`m.key.verification.start` event as a to-device event without a prior
`m.key.verification.request` is deprecated. New clients should not begin
verifications in this way, but will still need to accept verifications begun in
this way, until it is removed from the spec.
## Potential issues
None.
## Alternatives
We could do nothing and leave it in the spec. But we should clean up cruft when
possible.
## Security considerations
None.
## Unstable prefix
No unstable prefix is required since we are simply deprecating behaviour.
Reference in a new issue View git blame Copy permalink