From 9430f2c7f9a2b31de29ed08f8a5260706546cfe9 Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Fri, 17 Aug 2018 15:12:14 +0200 Subject: [PATCH] room ID is included in Megolm plaintext, not Olm --- specification/modules/end_to_end_encryption.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/specification/modules/end_to_end_encryption.rst b/specification/modules/end_to_end_encryption.rst index b224126d..fa461cc2 100644 --- a/specification/modules/end_to_end_encryption.rst +++ b/specification/modules/end_to_end_encryption.rst @@ -366,7 +366,6 @@ The plaintext payload is of the form: { "type": "", "content": "", - "room_id": "", "sender": "", "recipient": "", "recipient_keys": { @@ -379,9 +378,6 @@ The plaintext payload is of the form: The type and content of the plaintext message event are given in the payload. -We include the room ID in the payload, because otherwise the homeserver would -be able to change the room a message was sent in. - Other properties are included in order to prevent an attacker from publishing someone else's curve25519 keys as their own and subsequently claiming to have sent messages which they didn't. @@ -433,6 +429,9 @@ The encrypted payload can contain any message event. The plaintext is of the for "room_id": "" } +We include the room ID in the payload, because otherwise the homeserver would +be able to change the room a message was sent in. + Clients must guard against replay attacks by keeping track of the ratchet indices of Megolm sessions. They should reject messages with a ratchet index that they have already decrypted. Care should be taken in order to avoid false positives, as a
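
Review bot: In the hunk at @@ -366 (Olm plaintext payload), dropping `"room_id": ""` leaves the text silent on what a receiver does with an Olm payload that still carries that property. Consider adding a sentence after the payload description that says whether an unexpected `room_id` is ignored or causes the message to be rejected, so that implementations written against the earlier wording behave consistently.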
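
Review bot: In the hunk at @@ -433 (Megolm plaintext), the relocated sentence gives the reason for `room_id` but states no receiver-side requirement, unlike the paragraph right after it, which says "Clients must guard against replay attacks". Including the room ID only stops a homeserver from changing the room if the client compares the decrypted `room_id` with the room the event was delivered in. Suggest adding a normative sentence next to the rationale, for example: "Clients must check that the `room_id` in the decrypted payload matches the room the event was received in, and reject the event otherwise."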