room ID is included in Megolm plaintext, not Olm
This commit is contained in:
Valentin Deniaud
parent
8ba19b51ab
commit
9430f2c7f9
1 changed files with 3 additions and 4 deletions
|
|
@ -366,7 +366,6 @@ The plaintext payload is of the form:
|
|||
{
|
||||
"type": "<type of the plaintext event>",
|
||||
"content": "<content for the plaintext event>",
|
||||
"room_id": "<the room_id>",
|
||||
"sender": "<sender_user_id>",
|
||||
"recipient": "<recipient_user_id>",
|
||||
"recipient_keys": {
|
||||
|
|
@ -379,9 +378,6 @@ The plaintext payload is of the form:
|
|||
|
||||
The type and content of the plaintext message event are given in the payload.
|
||||
|
||||
We include the room ID in the payload, because otherwise the homeserver would
|
||||
be able to change the room a message was sent in.
|
||||
|
||||
Other properties are included in order to prevent an attacker from publishing
|
||||
someone else's curve25519 keys as their own and subsequently claiming to have
|
||||
sent messages which they didn't.
|
||||
|
|
@ -433,6 +429,9 @@ The encrypted payload can contain any message event. The plaintext is of the for
|
|||
"room_id": "<the room_id>"
|
||||
}
|
||||
|
||||
We include the room ID in the payload, because otherwise the homeserver would
|
||||
be able to change the room a message was sent in.
|
||||
|
||||
Clients must guard against replay attacks by keeping track of the ratchet indices
|
||||
of Megolm sessions. They should reject messages with a ratchet index that they
|
||||
have already decrypted. Care should be taken in order to avoid false positives, as a
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue