From 48f9670b87ae35e734f524e9f959d8240df1ce52 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Wed, 14 Jan 2015 10:59:28 +0000
Subject: [PATCH] More comments on auth chain resolution

---
 drafts/erikj_federation.rst | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/drafts/erikj_federation.rst b/drafts/erikj_federation.rst
index 68087b2b..094d63e5 100644
--- a/drafts/erikj_federation.rst
+++ b/drafts/erikj_federation.rst
@@ -241,7 +241,20 @@ Auth chain resolution
 **TODO**: If an auth check fails, or if we get told something we accepted
 should have been rejected, we need to try and determine who is right.
 
-  
+Both should inform the other of what they think the current auth chain is. If
+either are missing auth events that they know are valid (through authorization
+and state resolution) they process the missing events as usual.
+
+If either side notice that the other has accepted an auth events we think
+should be rejected (for reasons *not* in their auth chain), that server should
+inform the other with suitable proof.
+
+The proofs can be:
+
+- An *event chain* that shows an auth event is *not* an ancestor of the event.
+- Given an event (and event chain?) showing that authorization had been revoked.
+
+
 
 State Resolution
 ----------------