Merge pull request #1465 from Zil0/key_sharing

Document key sharing events
2018-08-29 23:05:17 -04:00 · 2018-08-29 23:05:17 -04:00 · 4230e375fa
commit 4230e375fa
parent 0130620cc1 faa13aaa40
7 changed files with 186 additions and 0 deletions
--- a/specification/modules/end_to_end_encryption.rst
+++ b/specification/modules/end_to_end_encryption.rst
@ -283,6 +283,31 @@ Device verification may reach one of several conclusions. For example:
   decrypted by such a device. For the Olm protocol, this is documented at
   https://matrix.org/git/olm/about/docs/signing.rst.

+Key sharing
+-----------
+
+If Bob has an encrypted conversation with Alice on his computer, and then logs in
+through his phone for the first time, he may want to have access to the previously
+exchanged messages. To address this issue, events exist for requesting and sending
+keys from device to device.
+
+When a device is missing keys to decrypt messages, it can request the keys by
+sending `m.room_key_request`_ to-device messages to other devices with
+``action`` set to ``request``. If a device wishes to share the keys with that
+device, it can forward the keys to the first device by sending an encrypted
+`m.forwarded_room_key`_ to-device message. The first device should then send an
+`m.room_key_request`_ to-device message with ``action`` set to
+``cancel_request`` to the other devices that it had originally sent the key
+request to; a device that receives a ``cancel_request`` should disregard any
+previously-received ``request`` message with the same ``request_id`` and
+``requesting_device_id``.
+
+.. NOTE::
+
+  Key sharing can be a big attack vector, thus it must be done very carefully.
+  A reasonable stategy is for a user's client to only send keys requested by the
+  verified devices of the same user.
+
 Messaging Algorithms
 --------------------

@ -470,6 +495,10 @@ Events

 {{m_room_key_event}}

+{{m_room_key_request_event}}
+
+{{m_forwarded_room_key_event}}
+
 Key management API
 ~~~~~~~~~~~~~~~~~~